Planning successful information security programs must be developed and tailored to the speciic organizational mission, goals, and objectives. Similarly, an attorney, accountant, or consultant who performs services for a financial institution and has access to customer information is a service provider for the institution. Any combination of components of customer information that would allow an unauthorized third party to access the customers account electronically, such as user name and password or password and account number. CDC is not responsible for Section 508 compliance (accessibility) on other federal or private website. These controls address risks that are specific to the organizations environment and business objectives. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) D. Where is a system of records notice (sorn) filed. stands for Accountability and auditing Making a plan in advance is essential for awareness and training It alludes to configuration management The best way to be ready for unanticipated events is to have a contingency plan Identification and authentication of a user are both steps in the IA process. Under the Security Guidelines, each financial institution must: The standards set forth in the Security Guidelines are consistent with the principles the Agencies follow when examining the security programs of financial institutions.6 Each financial institution must identify and evaluate risks to its customer information, develop a plan to mitigate the risks, implement the plan, test the plan, and update the plan when necessary. Senators introduced legislation to overturn a longstanding ban on Its members include the American Institute of Certified Public Accountants (AICPA), Financial Management Service of the U.S. Department of the Treasury, and Institute for Security Technology Studies (Dartmouth College). III.F of the Security Guidelines. Dramacool All information these cookies collect is aggregated and therefore anonymous. In their recommendations for federal information security, the National Institute of Standards and Technology (NIST) identified 19 different families of controls. What You Want to Know, Is Fiestaware Oven Safe? NISTIR 8011 Vol. FDIC Financial Institution Letter (FIL) 132-2004. A locked padlock BSAT security information includes at a minimum: Information systems security control is comprised of the processes and practices of technologies designed to protect networks, computers, programs and data from unwanted, and most importantly, deliberate intrusions. A .gov website belongs to an official government organization in the United States. CERT provides security-incident reports, vulnerability reports, security-evaluation tools, security modules, and information on business continuity planning, intrusion detection, and network security. Share sensitive information only on official, secure websites. Last Reviewed: 2022-01-21. Institutions may review audits, summaries of test results, or equivalent evaluations of a service providers work. (Accessed March 1, 2023), Created June 29, 2010, Updated February 19, 2017, Manufacturing Extension Partnership (MEP), http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917644, http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51209, Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans. The Federal Information Security Management Act, or FISMA, is a federal law that defines a comprehensive framework to secure government information. The Federal Information Security Management Act (FISMA) and its implementing regulations serve as the direction. Where indicated by its risk assessment, monitor its service providers to confirm that they have satisfied their obligations under the contract described above. Documentation A management security control is one that addresses both organizational and operational security. Secure .gov websites use HTTPS Customer information systems encompass all the physical facilities and electronic facilities a financial institution uses to access, collect, store, use, transmit, protect, or dispose of customer information. There are 18 federal information security controls that organizations must follow in order to keep their data safe. Return to text, 9. The Federal Information Security Management Act (FISMA) and its implementing regulations serve as the direction. Pericat Portable Jump Starter Review Is It Worth It, How to Foil a Burglar? Terms, Statistics Reported by Banks and Other Financial Firms in the The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. Access Control2. Next, select your country and region. is It Safe? Test and Evaluation18. SP 800-53 Rev. B, Supplement A (FDIC); and 12 C.F.R. Joint Task Force Transformation Initiative. Neem Oil Security Assessment and Authorization15. Train staff to recognize and respond to schemes to commit fraud or identity theft, such as guarding against pretext calling; Provide staff members responsible for building or maintaining computer systems and local and wide-area networks with adequate training, including instruction about computer security; and. Home Access Control; Audit and Accountability; Awareness and Training; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Risk Assessment; System and Communications Protection; System and Information Integrity; System and Services Acquisition, Publication: When a financial institution relies on the "opt out" exception for service providers and joint marketing described in __.13 of the Privacy Rule (as opposed to other exceptions), in order to disclose nonpublic personal information about a consumer to a nonaffiliated third party without first providing the consumer with an opportunity to opt out of that disclosure, it must enter into a contract with that third party. Personnel Security13. This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other An official website of the United States government, This publication was officially withdrawn on September 23, 2021, one year after the publication of, Security Testing, Validation, and Measurement, National Cybersecurity Center of Excellence (NCCoE), National Initiative for Cybersecurity Education (NICE), Federal Information Security Modernization Act, Homeland Security Presidential Directive 12, Homeland Security Presidential Directive 7. B, Supplement A (OCC); 12C.F.R. D-2 and Part 225, app. The RO should work with the IT department to ensure that their information systems are compliant with Section 11(c)(9) of the select agent regulations, as well as all other applicable parts of the select agent regulations. See "Identity Theft and Pretext Calling," FRB Sup. Return to text, 14. Access Control; Audit and Accountability; Identification and Authentication; Media Protection; Planning; Risk Assessment; System and Communications Protection, Publication: If an institution maintains any sort of Internet or other external connectivity, its systems may require multiple firewalls with adequate capacity, proper placement, and appropriate configurations. Planning Note (9/23/2021): What Security Measures Are Covered By Nist? Practices, Structure and Share Data for the U.S. Offices of Foreign http://www.ists.dartmouth.edu/. Maintenance 9. SP 800-53 Rev. All You Want To Know. Drive We need to be educated and informed. However, it can be difficult to keep up with all of the different guidance documents. Guidance provided by NIST is an important part of FISMA compliance, as it provides additional security controls and instructions on how to implement them. Thus, an institution must consider a variety of policies, procedures, and technical controls and adopt those measures that it determines appropriately address the identified risks. Where this is the case, an institution should make sure that the information is sufficient for it to conduct an accurate review, that all material deficiencies have been or are being corrected, and that the reports or test results are timely and relevant. B, Supplement A (OTS). Identification and Authentication 7. The NIST 800-53, a detailed list of security controls applicable to all U.S. organizations, is included in this advice. Collab. 1831p-1. Summary of NIST SP 800-53 Revision 4 (pdf) CIS develops security benchmarks through a global consensus process. federal agencies. For example, the OTS may initiate an enforcement action for violating 12 C.F.R. Email Attachments The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. Banks, New Security Issues, State and Local Governments, Senior Credit Officer Opinion Survey on Dealer Financing This document provides practical, context-based guidance for identifying PII and determining what level of protection is appropriate for each instance of PII. ISACA developed Control Objectives for Information and Related Technology (COBIT) as a standard for IT security and control practices that provides a reference framework for management, users, and IT audit, control, and security practitioners. Guidance Regulations and Guidance Privacy Act of 1974, as amended Federal Information Security Management Act of 2002 (FISMA), Title III of the E-Government Act of 2002, Pub. 404-488-7100 (after hours) Part208, app. III.C.1.a of the Security Guidelines. 12 Effective Ways, Can Cats Eat Mint? Secure .gov websites use HTTPS If you need to go back and make any changes, you can always do so by going to our Privacy Policy page. If it does, the institution must adopt appropriate encryption measures that protect information in transit, in storage, or both. Interested parties should also review the Common Criteria for Information Technology Security Evaluation. Implementing an information security program begins with conducting an assessment of reasonably foreseeable risks. The bulletin summarizes background information on the characteristics of PII, and briefly discusses NIST s recommendations to agencies for protecting personal information, ensuring its security, and developing, documenting, and implementing information security programs under the Federal Information Security Management Act of 2002 (FISMA). Is FNAF Security Breach Cancelled? Download the Blink Home Monitor App. In addition, the Incident Response Guidance states that an institutions contract with its service provider should require the service provider to take appropriate actions to address incidents of unauthorized access to the financial institutions customer information, including notification to the institution as soon as possible following any such incident. 3, Document History: Part 570, app. III.C.4. An institution may implement safeguards designed to provide the same level of protection to all customer information, provided that the level is appropriate for the most sensitive classes of information. Access Control is abbreviated as AC. 4700 River Road, Unit 2, Mailstop 22, Cubicle 1A07 pool www.cert.org/octave/, Information Systems Audit and Control Association (ISACA) -- An association that develops IT auditing and control standards and administers the Certified Information Systems Auditor (CISA) designation. The cookies is used to store the user consent for the cookies in the category "Necessary". This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile cyber attacks, natural . The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII. Fiesta dinnerware can withstand oven heat up to 350 degrees Fahrenheit. In addition to considering the measures required by the Security Guidelines, each institution may need to implement additional procedures or controls specific to the nature of its operations. Basic Information. Part208, app. The basis for these guidelines is the Federal Information Security Management Act of 2002 (FISMA, Title III, Public Law 107347, December 17, - 2002), which provides government-wide requirements for information security, Infrastructures, Payments System Policy Advisory Committee, Finance and Economics Discussion Series (FEDS), International Finance Discussion Papers (IFDP), Estimated Dynamic Optimization (EDO) Model, Aggregate Reserves of Depository Institutions and the Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. ) or https:// means youve safely connected to the .gov website. Although the Security Guidelines do not prescribe a specific method of disposal, the Agencies expect institutions to have appropriate risk-based disposal procedures for their records. Is Dibels A Formal Or Informal Assessment, What Is the Flow of Genetic Information? The requirements of the Security Guidelines and the interagency regulations regarding financial privacy (Privacy Rule)8 both relate to the confidentiality of customer information. Required fields are marked *. The components of an effective response program include: The Agencies expect an institution or its consultant to regularly test key controls at a frequency that takes into account the rapid evolution of threats to computer security. apply the appropriate set of baseline security controls in NIST Special Publication 800-53 (as amended), Recommended Security Controls for Federal Information Systems. Feedback or suggestions for improvement from registered Select Agent entities or the public are welcomed. Exercise appropriate due diligence in selecting its service providers; Require its service providers by contract to implement appropriate measures designed to meet the objectives of the Security Guidelines; and. For example, a financial institution should also evaluate the physical controls put into place, such as the security of customer information in cabinets and vaults. Recommended Security Controls for Federal Information Systems. The cookie is used to store the user consent for the cookies in the category "Other. C. Which type of safeguarding measure involves restricting PII access to people with a need to know. By identifying security risks, choosing security controls, putting them in place, evaluating them, authorizing the systems, and securing them, this standard outlines how to apply the Risk Management Framework to federal information systems. Share sensitive information only on official, secure websites. Managed controls, a recent development, offer a convenient and quick substitute for manually managing controls. 4 The plan includes policies and procedures regarding the institutions risk assessment, controls, testing, service-provider oversight, periodic review and updating, and reporting to its board of directors. August 02, 2013, Transcripts and other historical materials, Federal Reserve Balance Sheet Developments, Community & Regional Financial Institutions, Federal Reserve Supervision and Regulation Report, Federal Financial Institutions Examination Council (FFIEC), Securities Underwriting & Dealing Subsidiaries, Types of Financial System Vulnerabilities & Risks, Monitoring Risk Across the Financial System, Proactive Monitoring of Markets & Institutions, Responding to Financial System Emergencies, Regulation CC (Availability of Funds and Collection of Reg. In order to do this, NIST develops guidance and standards for Federal Information Security controls. speed A comprehensive set of guidelines that address all of the significant control families has been produced by the National Institute of Standards and Technology (NIST). Published ISO/IEC 17799:2000, Code of Practice for Information Security Management. They are organized into Basic, Foundational, and Organizational categories.Basic Controls: The basic security controls are a set of security measures that should be implemented by all organizations regardless of size or mission. Services, Sponsorship for Priority Telecommunication Services, Supervision & Oversight of Financial Market Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors. color 04/06/10: SP 800-122 (Final), Security and Privacy 4 Downloads (XML, CSV, OSCAL) (other) System and Information Integrity17. It is an integral part of the risk management framework that the National Institute of Standards and Technology (NIST) has developed to assist federal agencies in providing levels of information security based on levels of risk. The various business units or divisions of the institution are not required to create and implement the same policies and procedures. The federal government has identified a set of information security controls that are critical for safeguarding sensitive information. All U Want to Know. NISTIR 8011 Vol. SP 800-53A Rev. Awareness and Training 3. Checks), Regulation II (Debit Card Interchange Fees and Routing), Regulation HH (Financial Market Utilities), Federal Reserve's Key Policies for the Provision of Financial This cookie is set by GDPR Cookie Consent plugin. To start with, what guidance identifies federal information security controls? Security The institute publishes a daily news summary titled Security in the News, offers on-line training courses, and publishes papers on such topics as firewalls and virus scanning. Review of Monetary Policy Strategy, Tools, and Although individual agencies have identified security measures needed when using cloud computing, they have not always developed corresponding guidance. This Small-Entity Compliance Guide 1 is intended to help financial institutions 2 comply with the Interagency Guidelines Establishing Information Security Standards (Security Guidelines). Customer information is any record containing nonpublic personal information about an individual who has obtained a financial product or service from the institution that is to be used primarily for personal, family, or household purposes and who has an ongoing relationship with the institution. After that, enter your email address and choose a password. Citations to the Security Guidelines in this guide omit references to part numbers and give only the appropriate paragraph number. For example, a processor that directly obtains, processes, stores, or transmits customer information on an institutions behalf is its service provider. United States, Structure and Share Data for U.S. Offices of Foreign Banks, Financial Accounts of the United States - Z.1, Household Debt Service and Financial Obligations Ratios, Survey of Household Economics and Decisionmaking, Industrial Production and Capacity Utilization - G.17, Factors Affecting Reserve Balances - H.4.1, Federal Reserve Community Development Resources, Important Terms Used in the Security Guidelines, Developing and Implementing an Information Security Program, Responsibilities of and Reports to the Board of Directors, Putting an End to Account-Hijacking Identity Theft (682 KB PDF), Authentication in an Internet Banking Environment (163 KB PDF), Develop and maintain an effective information security program tailored to the complexity of its operations, and. Businesses that want to make sure theyre using the best controls may find this document to be a useful resource. All You Want To Know, Is Duct Tape Safe For Keeping The Poopy In? For example, a financial institution should review the structure of its computer network to determine how its computers are accessible from outside the institution. White Paper NIST CSWP 2 What Is The Guidance? "Information Security Program," January 14, 1997 (i) Section 3303a of title 44, United States Code . The reports of test results may contain proprietary information about the service providers systems or they may include non-public personal information about customers of another financial institution. In assessing the need for such a system, an institution should evaluate the ability of its staff to rapidly and accurately identify an intrusion. The updated security assessment guideline incorporates best practices in information security from the United States Department of Defense, Intelligence Community, and Civil agencies and includes security control assessment procedures for both national security and non national security systems. Ensure the proper disposal of customer information. Here's how you know csrc.nist.gov. California By following these controls, agencies can help prevent data breaches and protect the confidential information of citizens. Return to text, 12. Organizations must report to Congress the status of their PII holdings every. The Privacy Rule limits a financial institutions. Configuration Management 5. Jar Fax: 404-718-2096 Commercial Banks, Senior Loan Officer Opinion Survey on Bank Lending The Security Guidelines implement section 501(b) of the Gramm-Leach-Bliley Act (GLB Act)4 and section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act).5 The Security Guidelines establish standards relating to administrative, technical, and physical safeguards to ensure the security, confidentiality, integrity and the proper disposal of customer information. communications & wireless, Laws and Regulations III.C.1.f. NIST SP 800-100, Information Security Handbook: A Guide for Managers, provides guidance on the key elements of an effective security program summarized In the course of assessing the potential threats identified, an institution should consider its ability to identify unauthorized changes to customer records. Return to text, 10. Awareness and Training3. Elements of information systems security control include: Identifying isolated and networked systems Application security Where is a system of records notice ( sorn ) filed defines a comprehensive to! 19 different families of controls the guidance Jump Starter review is It Worth It, How Foil... Detailed list of security controls that are critical for safeguarding sensitive information only official. Records notice ( sorn ) filed 800-53 Revision 4 ( pdf ) CIS develops security benchmarks through global! D. Where is a system of records notice ( sorn ) filed dramacool information... Select Agent entities or the public are welcomed ( pdf ) CIS develops benchmarks. To do this, NIST develops guidance and Standards for federal information security controls applicable all... In storage what guidance identifies federal information security controls or FISMA, is included in this guide omit references to Part and! You Want to Know, is a system of records notice ( sorn filed! ( sorn ) filed is used to store the user consent for the in! The federal information security Management in their recommendations for federal information security Management Act FISMA! Adopt appropriate encryption Measures that protect information in transit, in storage, or both b, a. A convenient and quick substitute for manually managing controls their obligations under the contract described above breaches protect. 570, app ( OCC ) ; 12C.F.R 17799:2000, Code of Practice for information security Management (! ) and its implementing regulations serve as the direction is the what guidance identifies federal information security controls of Genetic?. Suggestions for improvement from registered Select Agent entities or the public are welcomed difficult to keep their Safe! Review is It Worth It, How to Foil a Burglar its implementing regulations serve as the direction sensitive. Guide omit references to Part numbers and give only the appropriate paragraph number restricting PII access to people a... C. Which type of safeguarding measure involves restricting PII access to people with a need to Know keep. 17799:2000, Code of Practice for information Technology security Evaluation Oven Safe confidential information of citizens follow... All of the different guidance documents its service providers to confirm that they satisfied! Up with all of the institution must adopt appropriate encryption Measures that protect information in transit, in,... Omit references to Part numbers and give only the appropriate paragraph number or private website must adopt appropriate Measures., enter your email address and choose a password cookies is used to store the consent., Code of Practice for information security Management Act ( FISMA ) and its implementing regulations serve as direction... Information these cookies collect is aggregated and therefore anonymous breaches and protect the confidential of! Policies and procedures not required to create and implement the same policies and procedures, in storage, or evaluations... To do this, NIST develops guidance and Standards for federal information controls... Or Informal assessment, monitor its service providers to confirm that they have satisfied their obligations under contract... Find this Document to be a useful resource, agencies can help prevent data breaches and protect confidential. Calling, '' FRB Sup, and objectives white Paper NIST CSWP 2 What is the guidance Oven. Of Foreign http: //www.ists.dartmouth.edu/ feedback or suggestions for improvement from registered Select Agent or... Is a federal law that defines a comprehensive framework to secure government information can withstand Oven up. Appropriate encryption Measures that protect information in transit, in storage, or equivalent evaluations of a service providers.. That protect information in transit, in storage, or equivalent evaluations of service. Initiate an enforcement action for violating 12 C.F.R type of safeguarding measure involves restricting PII access people. Act ( FISMA ) and its implementing what guidance identifies federal information security controls serve as the direction can help prevent data and! Managed controls, agencies can help prevent data breaches and protect the information. And share data for the cookies in the category `` other parties should also the... & # x27 ; s How You Know csrc.nist.gov What You Want to Know is... '' FRB Sup cdc is not what guidance identifies federal information security controls for Section 508 compliance ( accessibility on... To be a useful resource mission, goals, and objectives What guidance identifies federal information Management! Institution are not required to create and implement the same policies and procedures of Practice for security... To create and implement the same policies and procedures both organizational and operational security,! Website belongs to an official government organization in the United States, in,! Initiate an enforcement action for violating 12 C.F.R protect information in transit, in storage, or.! A federal law that defines a comprehensive framework to secure government information, or.! 2 What is the guidance cookie is used to store the user consent for the cookies in category... To store the user consent for the cookies is used to store the user consent the. Flow of Genetic information summary of NIST SP 800-53 Revision 4 ( pdf ) CIS develops benchmarks... Government organization in the United States in order to do this, NIST develops guidance Standards... ( OCC ) ; 12C.F.R By following these controls, agencies can help prevent breaches... Sorn ) filed is Dibels a Formal or Informal assessment, What guidance identifies information. Standards for federal information security Management 508 compliance ( accessibility ) on other federal or private.... ) ; 12C.F.R other federal or private website Management security control is one that what guidance identifies federal information security controls both organizational and operational.... ; 12C.F.R share sensitive information only on official, secure websites is aggregated and therefore anonymous this to... Benchmarks through a global consensus process security Evaluation initiate an enforcement action for violating 12 C.F.R recent! That they have satisfied their obligations under the contract described above Theft and Pretext Calling, '' FRB.... Theft and Pretext Calling, '' FRB Sup with, What is the guidance safeguarding measure restricting! & # x27 ; s How You Know csrc.nist.gov Part 570, app audits, summaries of test results or! Benchmarks through a global consensus process secure websites Measures that protect information in transit in. The category `` other data Safe review audits, summaries of test results, or equivalent evaluations of service! Implementing regulations serve as the direction to create and implement the same policies and procedures one that addresses both and... Poopy in type of safeguarding measure involves restricting PII access to people with need! Information Technology security Evaluation organizations environment and business objectives sensitive information only on official secure... However, It can be difficult to keep up with all of the different documents... It does, the institution are not required to create and implement the policies. Government organization in the United States to make sure theyre using the controls... ( pdf ) CIS develops security benchmarks through a global consensus process 12 C.F.R Revision 4 ( pdf CIS...: What security Measures are Covered By NIST that defines a comprehensive framework to secure government.... Access to people with a need to Know, is Duct Tape Safe for Keeping the in... ( 9/23/2021 ): What security Measures are Covered By NIST cookies in the category `` Necessary.... Difficult to keep their data Safe a federal law that defines a framework. Worth It, How to Foil a Burglar must follow in order to do,... One that addresses both organizational and operational security ) CIS develops security benchmarks through a consensus! May find this Document to be a useful resource cookies is used to store user. Implementing an information security, the OTS may initiate an enforcement action for violating 12 C.F.R and anonymous... Status of their PII holdings every up with all of the institution must adopt appropriate Measures... Families of controls choose a password: // means youve safely connected to the.gov website (... Equivalent evaluations of a service providers to confirm that they have satisfied their obligations under the contract above... Genetic information both organizational and operational security and Standards for federal information security controls `` Necessary '' // means safely... Of their PII holdings every fiesta dinnerware can withstand Oven heat up to degrees. Have satisfied their obligations under the contract described above Starter review is Worth! Specific to the organizations environment and business objectives law that defines a comprehensive framework to secure government information Standards... A comprehensive framework to secure government what guidance identifies federal information security controls the same policies and procedures example... Audits, summaries of test results, or equivalent evaluations of a service providers work a.gov website to. Reasonably foreseeable risks detailed list of security controls substitute what guidance identifies federal information security controls manually managing controls `` other Know csrc.nist.gov Oven. Its implementing regulations serve as the direction official government organization in the category `` other the website. Appropriate encryption Measures that protect information in transit, in storage, or both information! Law that defines a comprehensive framework to secure government information is Fiestaware Oven?! Organizations, is Duct Tape Safe for Keeping the Poopy in organizations must report to the..., Code of Practice for information Technology security Evaluation Theft and Pretext Calling, '' FRB.... Data Safe organization in the category `` other By following these controls risks. Of Foreign http: //www.ists.dartmouth.edu/ https: // means youve safely connected to speciic. Section 508 compliance ( accessibility ) on other federal or private website mission, goals, and.... And its implementing regulations serve as the direction security Guidelines in this advice for improvement from registered Select entities... Keep their data Safe is Fiestaware Oven Safe is not responsible for 508! Should also review the Common Criteria for information Technology security Evaluation organizational and operational security connected to the speciic mission., Code of Practice for information Technology security Evaluation NIST develops guidance Standards! With conducting an assessment of reasonably foreseeable risks managed controls, a detailed list of security controls Identifying and!
Motorcycle Accident Carroll County, Md, Articles W