...
- Allowing fishers to record and submit their data electronically whenever possible
- Reducing the amount of time spent by fishers complying with federal reporting requirements
- Improving the accuracy of the data collected
- Reducing the amount of time spent by NOAA Fisheries Service processing the logbook data
Currently 6 vessels report logbooks electronically, but with clarification of e-signature requirements and e-logbook vendor certification (in process), this could go up to 200 vessels. Vessels are required to report (transfer data) within 72 hours of landing. Vessels typically land every few weeks. The potential exists for future daily reporting using VMS as a data transport mechanism.
Business Drivers
Timely information on fishing effort, catch and bycatch is required as an element of National Standard 1 (NS1). In these longline fisheries an electronic logbook program provides the best mechanism for acquiring timely information. Logbook record-keeping and reporting regulations require vessel operator signatures for accountability. An e-signature feature is required to make e-logbook reporting feasible and acceptable to the fishers.
Business Risk in the Permit Context
This system has a FIPS 199 security categorization as follows:
- Moderate confidentiality requirements -- that is, loss of confidentiality would be expected to have a serious adverse effect on organizational operations, assets, or individuals. A breach of confidentiality would damage our relationship with our constituency and seriously impact our ability to collect accurate data with which to manage fisheries, as well as exposing us to litigation and professional disrepute.
- Moderate integrity requirements -- among other things this data could be used to establish individual fishing quotas based on historical participation in a fishery. Individual fishing quotas have value, and it is critical to maintain access controls, change tracking, and auditability.
- Low availability requirements -- a temporary loss of availability would be expected to have a limited adverse effect. Transactions dependent on this data are not particularly time-sensitive, and business requirements could be met via manual methods during a temporary system outage.
NIST 800-30: Risk Management Guide for Information Technology Systems defines risk as a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. The threat and vulnerability identification process that follows is based on NIST 800-30.
...