Business Context and Volume
from proposal...National Marine Fisheries Service issues permits to fishing industry individuals and corporations and also to individual recreational fishers. More.... legislative or other policy mandates
Volume
Currently 6 vessels report electronically, could go up to 200 vessels, must transfer within 72 hours of landing, typically vessels land every few weeks, potential exists for daily reporting via VMS.... Good place for transaction volumes
Business Drivers
With e-signature fishers would be more accepting of electronic reporting. Fishers have concerns about achieving compliance. Drivers for wanting e-reporting... better data, faster data, less corrections.... Magnusen-Stephens driver for reducing cycle time? More.... The more could include what business benefit they derive from the permit and what business risk they incur if they break NMFS rules. Is this the spot for cycle times?
...
NIST 800-30: Risk Management Guide for Information Technology Systems defines risk as a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. The threat and vulnerability identification process that follows is based on NIST 800-30.
Users and functionality
...
These are mid-size vessels (vicinity of 70ft) that have GPS, VMS, and sophisticated fish-finding technology. A number of the vessels have e-logbook software onboard integrated with track plotting systems. This e-logbook application includes a unique identifier via a hardware dongle which could be used to identify data from the vessel. An existing rule provides authority for optional electronic reporting. E-Logbook Vendor Certification Guidelines are in the approval process that would allow a vendor to promote an e-logbook application as NMFS-approved for e-logbook compliance.
By regulation responsibility for fishing logbook reporting is on the operator of the fishing vessel.
Functionality would be creation/maintenance of the e-logbook record, storage of the e-logbook records on portable media (floppy, cd, memory stick), and physical transfer of the portable media to NMFS... or, alternatively, email transmission of e-logbook records to NMFS.
...
Data sensitivity and security FISMA and Privacy Act issues
E-Logbook data is fisheries confidential data under the trade secrets act. Unless the e-signature requires it there is not likely to be PII in this data. ...clarify....
...
Mitigating controls
...
In this the Hawaii longline logbook case we have independent confirmation of the vessel's location through the VMS system. The e-logbook software application licensing compliance dongle forms a unique identifier for each logbook page and it can tie the logbook page to a particular instance of the e-logbook software. These vessels are permitted to fish and therefore have a prior "trusted relationship" with NMFS. In many cases this prior relationship involves confirming vessel ownership with the US Coast Guard, verifying participation in prior fisheries through previously submitted state or federal fish tickets or logbooks, confirmation of business ownership, etc. ...need more detail...
...