Advanced Simulation Technology inc.
ASTi Application Note 62: DACS & Telestra Security

Securing the DACS

The DACS is a single-user embedded system and, as such, must meet certain security requirements. These requirements are defined in the National Industrial Security Program Operating Manual (NISPOM). Chapter 8 - Section 5: “Information System Security - Special Categories” is of the most interest and applies to the DACS. Sub-sections 8-500 and 8-501 are reproduced at the end of this application note for convenience. For more details, please refer to the NISPOM document. Three points are of particular interest concerning the DACS:
  1. The DACS supports a removable hard-drive option which allows a user to physically remove the DACS hard-drive. This allows the end customer to separate users and/or security levels with different physical hard-drives. The drives can also be removed after an exercise and stored in a secured location.

  2. By default, the BIOS is set to allow the DACS to boot without a keyboard. Once the Model Builder software is configured with the required model(s), the keyboard is no longer required. With no keyboard attached, no user can physically access the Model Builder console or make changes to the DACS software. With a properly-configured Telestra server, however, it is still possible to access and make changes to the DACS via the Remote Management System (RMS); if that is a concern, the Telestra should also be kept in a secure location. See the next section for more information.

  3. If remote management and monitoring are not required, do not configure the DACS system to support them. The easiest way to do this is to omit RMS-specific configuration commands from the DACS’ config.sys file. See page 19 of the Telestra User Guide (DOC-01-TELS-UG-2, Rev. J) for more information.

Using the DACS with Telestra RMS

At the time of this writing (June 2005), only Telestra systems with 2.x series software (including RMS) can access and make changes to DACS systems, and only if the DACS is configured for remote management. To avoid unauthorized access to DACS systems:
  1. Do not configure DACS for remote management.

  2. Change the passwords for all Linux system user accounts, and the RMS web-management account. System accounts should be changed by the system administrator using the standard Linux command-line method. The RMS web-management password should be changed immediately after system installation in the “Prefs.” section of the RMS web interface.
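
One way to verify step 2 on the Telestra's Linux side, as an added example that is not ASTi code: the function below reads shadow(5)-format records and reports accounts whose password predates installation or is empty. The sample records, the installation day 12935 (2005-06-01) and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not ASTi code): audit shadow(5)-format records for Linux
# accounts whose password was never changed after installation.
# Record layout: name:hash:lastchg:min:max:warn:inact:expire:
# lastchg is the day of the last password change, counted from 1970-01-01.

# Constructed sample records; the hashes are placeholders, not real values.
sample_shadow() {
    cat <<'EOF'
root:$1$constructed$hashA:12900:0:99999:7:::
admin:$1$constructed$hashB:12940:0:99999:7:::
daemon:*:12900:0:99999:7:::
operator::12940:0:99999:7:::
backup:!!:12900:0:99999:7:::
svc:$1$constructed$hashC::0:99999:7:::
EOF
}

# stale_accounts INSTALL_DAY  (reads shadow records on stdin)
# Prints "name nopassword" for an empty hash field (login without a password)
# and "name stale" for a usable password last changed before INSTALL_DAY or
# with no recorded change. Locked entries (hash starts with ! or *) are skipped.
stale_accounts() {
    awk -F: -v d="$1" '
        $2 == ""                    { print $1, "nopassword"; next }
        $2 ~ /^[!*]/                { next }
        $3 == "" || $3 + 0 < d + 0  { print $1, "stale" }
    '
}

# 12935 is 2005-06-01, a constructed installation date. On the live system:
#   stale_accounts "$INSTALL_DAY" < /etc/shadow    (as root)
sample_shadow | stale_accounts 12935
```

This covers the Linux system accounts only; the RMS web-management password is changed through the RMS web interface, as described in step 2.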

Preparing the DACS for access to a Secure Area

This section is provided as a guide on how to clear common memory systems used on ASTi DACS platforms. Due to the wide variety of security requirements, this guide may not cover all installations. Please consult your security officer for information on your specific security requirements.
For a list of the types of memory in your ASTi systems and peripherals, please contact ASTi for the “Non-Volatile Memory List”.
This guide covers systems with BIOS identifiers:
  • PCA-6178
  • PCA-6178A
  • PCA-6178B
  • PCA-6178C
NOTE: In order to clear the CMOS, the user is required to open the DACS chassis and remove the CMOS battery. Opening the DACS cover voids the warranty included with the hardware. If you are going to perform this step, contact ASTi with the serial number(s) of the platform(s) in question. If the system must be returned for repair at a later date, ASTi reserves the right to void the warranty if it appears the unit was damaged during this process.
  1. Clearing DACS RAM
    By definition, RAM is cleared when power is removed from the system. To clear the RAM:

    1. Remove the power cord from the DACS system.
    2. Wait 30 seconds.
    3. RAM is cleared.

  2. Clearing CMOS
    Warning: This step may void the product warranty; see above. Prior to clearing the CMOS, provide the following information to ASTi for our records:

    • Customer contact information
    • Serial number(s) of system(s) in question
    • Reason for opening the system

    Email this information to support@asti-usa.com PRIOR to removing the CMOS battery. Then, proceed with the following procedure, if required:

    1. Remove the power cord from the DACS system.
    2. Remove the top cover from the DACS.
    3. After properly grounding yourself, carefully remove jumper J1, which is located near the CMOS battery.
    4. Wait 30 seconds.
    5. Reinsert jumper and replace top cover.
    6. Follow the DACS Cold Start Procedure to set the BIOS.

  3. Formatting the Hard drive
    Warning: Formatting the hard drive will delete all files, including models and configuration files. Back up important files prior to proceeding.

    1. Power on the DACS.
    2. Boot into Standard DOS mode.
    3. Insert DOS Diskette 1.
    4. Type “a:” and press Enter to access the floppy drive.
    5. Type “format c: /u” and press Enter to begin formatting.
    6. Type “y” and press Enter to confirm formatting of hard drive. The drive will then proceed to format.
    7. When prompted, press Enter to select no volume label.
      For systems with more than one hard drive, repeat steps 5 through 7, but substitute the appropriate drive letter(s) in place of “c:”.
    8. Follow the DACS Cold Start Procedure to reinstall all software.

NISPOM Excerpt

8-500. Special Categories. Several categories of systems can be adequately secured without implementation of all the technical features specified in this Chapter. These systems are not “exceptions” or “special cases” but applying the technical security requirements to these systems by rote results in unnecessary costs and operational impacts. In general, the technical questions are where, when, and how to apply a given set of protection measures, rather than whether to apply the measures. For many of these “special” systems (such as guards or pure servers; and tactical, embedded, data-acquisition, and special purpose systems), the physical security protections for the system provide the required access control, while the application running on the platform provides the required user separation.
8-501. Single-user, Stand-alone Systems. Extensive technical protection measures are normally inappropriate and inordinately expensive for single-user, stand-alone systems. The CSA can approve administrative and environmental protection measures for such systems, in lieu of technical ones. Systems that have one user at a time, but have a total of more than one user with no sanitization between users, are multiuser systems, and the CSA shall consider the systems as such in determining the protection level and the resulting security requirements. Systems that have one user at a time, are sanitized between users and periods of different classification/sensitivity, are periods processing systems as described below.