Engineering Procedure

SAEP-98 4 November 2015

Removable Media Usage for Process Automation Systems
Document Responsibility: Plants Networks Standards Committee

Saudi Aramco Desktop Standards

Table of Contents

1 Scope…….......................................................... 2
2 Conflicts and Deviations…................................. 2
3 Users……..…………………………………....….. 2
4 Roles and Responsibilities…………………........ 2
5 Applicable Documents.........…………….......….. 3
6 Definitions and Abbreviations............................. 3
7 General Instructions…...…………………......….. 7
8 System Configurations……….…………...….... 10
9 USB Storage Device Requirements................. 11
10 USB Storage Device Usage………………....... 12
11 Removable Media Transport.....……………..... 13
12 Removable Media Disposal…………...……..... 13
13 Vendors Removable Media Devices……......... 14
14 Documentation………………………….......... 14

Previous Issue: New Next Planned Update: 4 November 2018

Primary contacts: Yousef, Hassan Salman (youshs0a) on +966-13-8809815 Page 1 of 15
Backup Contact: Almadi, Soliman Musa (almadism) on +966-13-8801357

Copyright©Saudi Aramco 2015. All rights reserved.

Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

1 Scope

The purpose of this engineering procedure is to establish the minimum security

requirements for the proper use of removable media devices within the various Process
Automation Systems (PAS) inside the plant. The implementation of this procedure
shall minimize the likelihood of malware spread within a process automation
environment and protect against leakage of plant data.

2 Conflicts and Deviations

2.1 Any conflict between this procedure and other applicable Saudi Aramco
Engineering Standards shall be resolved in writing to the Manager of Process &
Control Systems Department (P&CSD) of Saudi Aramco, Dhahran.

2.2 Direct all requests to deviate any mandatory requirement from this procedure in
writing to the Manager of P&CSD of Saudi Aramco, Dhahran in accordance to
SAEP-302.

3 Users

The intended users of this document are Process Automation Network (PAN)
administrators, Process Automation System (PAS) administrators, engineers and
technicians utilizing removable media devices for the engineering and maintenance of
plants networks and systems.

4 Roles and Responsibilities

The procedure entails performing system-side configurations in order to fulfill the

requirements of this procedure. In order to implement these system configurations on
any given the system, PAN admins shall:

4.1 Consult PCS vendors to ensure that these configuration changes won’t have an
impact on the system. Documented confirmation is required prior to performing
any configuration changes.

4.2 Perform full registry backup, at minimum, prior to implementing any of these
configurations. A full system backup is highly recommended.

Page 2 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

5 Applicable Documents

5.1 Saudi Aramco References

Saudi Aramco Engineering Procedures

SAEP-99 Process Automation Networks and Systems Security
SAEP-302 Instructions for Obtaining a Waiver of a Mandatory
Saudi Aramco Engineering Requirement
SAEP-707 Risk Assessment Procedure for Plants Networks and
Systems

Saudi Aramco General Instructions

GI-0299.120 Sanitization and Disposal of Saudi Aramco
Electronic Storage Devices and
Obsolete/Unneeded Software
GI-0710.002 Classification of Sensitive Information

Saudi Aramco Best Practice

SABP-Z-071 Implementing Security Controls for Removable
media Devices

5.2 Industry Codes and Standards

The International Organization for Standardization (ISO) and the International

Electrotechnical Commission (IEC)
ISO/IEC 27002 Information Technology - Security Techniques -
Code of Practice for Information Security
Controls

The National Institute of Standards and Technology (NIST)

NISTIR 7628 Rev1 Guidelines for Smart Grid Cybersecurity
Volume 1 - Smart Grid Cybersecurity Strategy,
Architecture, and High-Level Requirements

6 Definitions and Abbreviations

6.1 Abbreviations
AES Advanced Encryption Standard
AV Antivirus software
CBC Cipher-Block Chaining

Page 3 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

CD Compact Disc
CD-R Compact Disc Recordable
CD-RW Compact Disc Rewritable
DVD Digital Versatile Disc
DVD-R Digital Versatile Disc Recordable
DVD-RW Digital Versatile Disc Rewritable
FIPS Federal Information Processing Standards
HDD Hard Disk Drive
IT Information Technology
MMA Microsoft Message Analyzer
MOC Management of Change
NDA Non-Disclosure Agreement
PAN Process Automation Network (also: Plant Information Network)
PAS Process Automation System
PCN Process Control Network
PCS Process Control System
P&CSD Process & Control Systems Department
PN&S Plant Networks and System
SSD Solid State Drive
USB Universal Serial Bus

6.2 Definitions

Advanced Encryption Standard (AES): A specification for the encryption of

electronic data established by the U.S. National Institute of Standards and
Technology (NIST) in 2001.

Authentication: The process of verifying the identity of a user through a code

such as a password.

Authorized Corporate Servers: Dedicated servers on the IT side responsible

for obtaining updates/patches from vendor sites through a secure mechanism.

Cable Guard: A device that secures plugged-in cables from unauthorized removal.

Cipher-Block Chaining (CBC): A mode of operation for a block cipher that

uses an algorithm to provide an information service such as confidentiality or
authenticity.

Page 4 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

Compact Disc (CD): A CD is an optical disc used to store digital data.

Cryptographic Hash Function: Any one-way function that allows one to

easily verify that some input data matches a stored hash value, but makes it hard
to construct any data that would hash to the same value or find any two unique
data pieces that hash to the same value.

Digital Signature: A mathematical technique used to validate the authenticity

and integrity of a message, software or digital document.

Digital Tape Format: A magnetic tape data storage format. It uses a ½” wide
tape, in a cassette with two reels, which is written and read with a helical scan
process.

Digital Versatile Disc (DVD): DVD is an optical disc storage format that
offers higher storage capacity than a Compact Disc (CD).

Firmware: is the combination of a hardware device (integrated circuit), and

computer instructions and data that reside as read only software on that device.

Floppy Disk Drive (FDD): A disk storage medium composed of a disk of thin
and flexible magnetic storage medium, sealed in a rectangular plastic carrier
lined with fabric that removes dust particles.

Hard Disk Drive (HDD): A data storage device used for storing and retrieving
digital information using one or more rigid (“hard”) rapidly rotating disks
(platters) coated with magnetic material.

Microsoft Message Analyzer: A software tool that enables users to capture,

display, and analyze protocol messaging traffic; and to trace and assess system
events and other messages from Windows components.

Plant Information (PI) System: It is an enterprise application software or Data

Acquisition and Historization System (DAHS) used for management of real-
time of process data and events, for more details please refer to 23-SAMSS-072.

Process Automation Network (PAN): Or sometimes referred to as Plant

Information Network (PIN), is a plant wide network interconnecting Process
Control Networks (PCN) and provides an interface to the WAN. A PAN does
not include proprietary process control networks provided as part of a vendor's
standard process control system.

Process Automation Networks (PAN) Administrator: A system

administrator that performs day-to-day maintenance activities on the PAN
devices (e.g., administration, configuration, upgrade, monitoring, etc.).

Page 5 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

He may also perform additional functions such as granting, revoking, and

tracking access privileges for PCS operating systems and applications.

Process Automation System (PAS): A network of computer-based or

microprocessor-based electronic equipment whose primary purpose is process
automation. The functions may include process control, safety, data acquisition,
advanced control and optimization, historical archiving, and decision support.

Process Automation System (PAS) Administrator/Engineer/Technician:

A plant employee who performs day-to-day system configuration and
maintenance for Process Control Systems.

Process Control Network (PCN): A proprietary process control networks

provided as part of a vendor's standard process control system.

Process Control System (PCS): The integrated system which is used to automate,
monitor and/or control an operating facility (e.g., Plant process units). The PCS
consists of operating area DCS and their related Auxiliary systems which are
connected together at the PCN and PAN level to form a single integrated system.

Removable Media (or Removable Media Devices): Computer storage

technologies that are portable (not permanently attached to a computer).
Examples include optical discs, memory cards, floppy disks, USB flash drives,
external HDDs, external SSDs, magnetic tapes, smart phones, tablets, PDAs, etc.

Unauthorized Removable Media: Any form of removable media that hasn’t

been approved for use inside the plant.

Server: A dedicated un-manned data provider.

Solid State Drive (SSD): A data storage device that uses integrated circuit
assemblies as memory to store data persistently.

Trusted Platform Module (TPM): An international standard for a secure

cryptographic processor, which is a dedicated microprocessor designed to secure
hardware by integrating cryptographic keys into devices.

Universal Serial Bus (USB): An external serial bus interface standard for
connecting peripheral devices to a computer.

Unsolicited Media: Refers to any form of removable media given without

being requested or asked for. It includes anonymously found media which can’t
be trusted.

USB Flash Drive: Or USB drive for short, is a data storage device that includes
flash memory with an integrated USB interface.

Page 6 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

Certifiable USB: A USB flash drive whose origin/manufacturer can be verified

through cryptographic techniques.

Registered USB: A USB flash drive whose Device ID has been whitelisted in
the plant system.

Unauthorized USB: A USB flash drive that hasn’t been approved for use on a
plant system.

USB Port Lock: A dummy USB dongle that is plugged into a USB port for
physical security. Once the port is a locked, a key is required to unlock the port.

User Account: An established relationship between a user and a computer,

network or information service such as Operating System and Applications.

Usage Scheme: A framework that defines how removable media are going to
be used in a process automation environment.

Workstation: A workstation is a computer intended for individual use that is

faster and more capable than a personal computer. It's intended for business or
professional use.

X.509: An ITU-T standard for a public key infrastructure (PKI) and Privilege
Management Infrastructure (PMI). It specifies, amongst other things, standard
formats for public key certificates, certificate revocation lists, attribute
certificates, and a certification path validation algorithm.

7 General Instructions

7.1 Unauthorized removable media devices, including personal ones, shall not be
plugged into any plant system, see the definition of removable media devices in
Section 6.2.

7.2 USB Hard drives, or SSDs, utilized for backing up PCS engineering databases
shall NOT be used for day-to-day tasks.

7.3 When deemed feasible, individual USB storage devices shall be officially
assigned to authorized PAN admins, PCS engineers and PCS technicians.
Where individual USB devices are not assigned, USB device pools shall be
established to enable access to authorized USB devices by appropriate personnel.

7.4 In case a USB storage devices pool is used, a delegated custodian shall maintain
a log in order to establish who possessed a given device at any given time.

7.5 Authorized personnel using removable media on PAS workstations/servers shall

indicate, when obtaining a work permit, that a removable media device is to be

Page 7 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

used. Whenever a USB device is used, the device ID of that device shall be
included in the work permit.

7.6 Removable media devices, used on Plant Networks and Systems (PN&S),
shall be clearly marked with distinctive markings indicating its purpose,
i.e., engineering and maintenance of PAS. The distinctive markings shall be
communicated to plant personnel so the intention is known.

7.7 When not in use, removable media devices shall be kept in locked cabinets with
appropriate access control methods and a log sheet for tracking purposes. If the
removable media device is carrying sensitive data such as a database backup,
follow SAEP-99.

7.8 Unsolicited/suspicious media shall be reported to Computer Security

Administration (CSA) by filling the Detailed Incident Report form.
Commentary Note:

The intention is to prevent a social engineering technique of leaving removable

media devices inside a building, parking lot, etc., which normally contains
exploits. People might plug such USBs to find out who it belongs to, or use it
without knowing where it came from.

7.9 Lost/stolen USB storage devices shall be reported to PAN admin(s) and disabled
on all PN&S. It is the responsibility of PAN admin(s) to track and disable lost
or stolen USB storage devices. Follow Section 9.2 of SABP-Z-071 for detailed
steps on how to disable lost USB storage devices.

7.10 The usage of a removable media device, on plant systems, shall be restricted to
authorized PAN admins, PCS engineers and PCS technicians. Such devices
shall be dedicated for this purpose. The requirements of suitable USB devices
are identified in Section 9 of this document.

7.11 A Removable Media Usage Scheme shall be properly defined, documented and
approved by the plant’s manager and in accordance with the facility Operating
and Instruction Manual (OIM). The usage scheme shall cover the following:
 Purpose and justification.
 The process of data exchange.
 The data to be exchanged.
 The data provider(s) (source) and recipient(s) of data (destination).
 The machines involved in the scheme.
 USB storage devices involved, including device IDs.
 Plant personnel involved in the process.
 An approved scheme is valid for a maximum of 3 years from issuance.

Page 8 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

Refer to Section 13 of SABP-Z-071 for a sample usage scheme.

7.12 Any changes to the approved scheme shall go through the Management of
Change (MOC) process.

7.13 Removable media devices shall not be plugged into machines that are NOT
indicated in the Removable Media Usage Scheme(s).

7.14 Removable media plugged into plant systems shall not contain any form of data
not explicitly stated in the Removable Media Usage Scheme.

7.15 The placement of unauthorized executables on removable media is strictly

prohibited.

7.16 Datasets that are allowed to be copied to plant systems are those sets pertaining
to the engineering and maintenance of PAS components.

7.17 Required datasets shall NOT be downloaded from the Internet if the same data is
available on Saudi Aramco corporate network.

7.18 Classification of data stored on removable media shall be observed in line with
GI-0710.002. Data that requires encryption while transmitted shall be encrypted
while stored on removable media.

7.19 Removable media devices shall be protected from environmental damage such
as that caused by magnetic fields, high humidity, heat, direct sunlight, etc.
Therefore, the manufacturer’s recommended operational/storage conditions shall
be observed during the lifetime of the device.

7.20 Since media tend to degrade over time, data shall be transferred to fresh media
before becoming unreadable. In lack of manufacturer lifespan figures, use the
below table as a guideline:

Table 7.20 - Various Removable Media Lifespans

Media Type Life Span (yrs) Remarks

Floppy disks 10-20

5-10 (Unrecorded) Ideal environmental
Recordable Optical disks
2-5 (Recorded) conditions required.
HDD 3-5
Depends on the number
Flash Drives and SSDs 5-10+
of write cycles.
Digital Tape 10-20

The minimum lifespan is based on regular media usage.

The maximum lifespan is based on optimum environmental conditions and extreme care.

Page 9 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

7.21 USB devices that need to be permanently plugged into a plant system shall be
documented and approved by the plant manager. Examples include keyboard,
mice, licensing dongle, etc.
Commentary Note:

The procurement of all USB peripherals shall be done through known sources
using formal procurement procedures.

7.22 All unused USB ports shall be physically locked through USB Port Locks, when
physical security of a given system is deemed infeasible. Existing USB devices’
cables shall be secured in place via cable guards.

7.23 One-time use media such as CD-Rs, DVD-Rs shall be used as much as possible.

7.24 When using Compact Disks (CDs) for data transfer, the following guidelines
shall be observed:
 Use blank, Recordable CDs (CD-R).
 Re-writable CDs (CD-RW) shall not be used more than once.
 Destroy the media after use, using the applicable Saudi Aramco guidelines.
 The same requirements also apply to DVD-R & DVD-RW.

8 System Configurations

Saudi Aramco Best Practice (SABP-Z-071) was developed in order to guide PAN
admins on how to implement the system configurations detailed in this section.
All references below pertain to SABP-Z-071.

8.1 Disable autorun Section 11 of the Best Practice contains information on how to
disable autorun on plant systems.

8.2 ALL USB drivers, not required by the PAS manufacturer for normal operation
of the system, shall be uninstalled from each workstation/server in your facility.
Section 8 contains information on how to uninstall USB drivers.

8.3 Automated installation of unauthorized USB device drivers shall be prevented

on all plant workstations and servers using the Section 9 of the Best Practice.
Commentary Note:

Automated installation of registered USBs is allowed on specific machines

declared in the usage scheme. For this purpose, follow appendices 9.1, 9.2 and
9.3 respectively.

Page 10 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

8.4 When requirement 8.3 is technically infeasible, USB Mass Storage shall be
disabled on all machines that aren’t part of any data transfer scheme. Section 6
of the Best Practice details the steps to perform such action.
Commentary Note:

On machines where a USB device plugging is permitted, PAN admins shall

enable USB Mass Storage on ‘as needed’ basis and disable it once the task is
done.

8.5 Read and/or write access on removable media devices shall be enabled/disabled
based on operational requirements. The required permissions shall be clearly
stated as part of the removable media usage scheme. Section 7 on SABP-Z-071
lists the necessary steps to perform this task.
Commentary Note:

Write access to USB requires enabling read access by default.

8.6 USB event tracing shall be enabled through Microsoft Message Analyzer on
applicable operating systems, i.e., Windows 7 or higher.

8.7 Transfer of data to/from removable storage devices shall be logged on applicable
operating systems, see Section 10 of the Best Practice for more details.

8.8 Disable Floppy Disks, CDs, DVDs or hide drive letters when disabling those
devices isn’t feasible. Follow Section 12 of SABP-Z-071 in order to perform the
specified tasks.

9 USB Storage Device Requirements

9.1 Use only certifiable USBs that allow the validation of manufacturer/origin
through X.509 certificate authentication.

9.2 The USB device shall have a FIPS 140-2 Level-2 certification or higher.

9.3 The USB drive shall utilize digitally-signed firmware code.

9.4 The USB drive shall have a read-only mode implemented in hardware or in
software.

9.5 USB drive shall authenticate the user with a password in order to restrict usage
and/or access to data.

9.6 USB shall include hardware-level encryption (TPM) capability, specifically

AES-256 Cipher-Block Chaining (CBC) capability or better.

9.7 Built-in virus scanner on the USB drive is highly recommended. If the feature

Page 11 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

isn’t supported by the USB vendor, a PAN admin shall use the USB version of
the corporate AV scanner.

9.8 Where applicable, USB device integration with McAfee ePO server is highly
recommended. It allows the enforcement of a unified policy across systems
within the plant floor.

10 USB Storage Device Usage

The following procedure shall be applied every time a USB drive, or any other
removable media device, is to be plugged into a plant system:

10.1 When using removable media devices to transfer data, users shall log in to the
machines with the least privileged account needed.

10.2 The USB drive is first plugged in an IT workstation. The workstation needs to
be connected to the corporate network in order to receive the latest
updates/patches.

10.3 The user needs to authenticate himself to the USB device by typing the
password when prompted to do so.

10.4 The USB drive shall be scanned, for malware threats, on an up-to-date corporate
(IT) workstation. This workstation shall have the latest Microsoft operating
system patches, installed applications patches’ and the latest engine and virus
definition files from the AV vendor. Brand new USB drives are NOT exempted
from this step.
Commentary Note:

Some USB devices include manuals and executable files. These files shall be
removed prior to using the device for the intended purpose.

10.5 Once the scan confirms that the device is malware-free, it can be safely used to
transfer data.

10.6 When transferring data from a corporate workstation to the plant, the following
shall be applied:
a) Data shall be copied right away into the USB drive. Once data transfer
ends, the USB shall be put into Read-only mode. The device shall NOT be
plugged into any other system in between.
b) The integrity of downloaded files shall be verified through a cryptographic
hashing algorithm before being copied into the USB. Once the integrity is
verified, and data is copied, the device can be safely removed from the
corporate workstation.

Page 12 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

Commentary Note:

Microsoft File Checksum Integrity Verifier can be used to perform the MD5,
SHA-1 hash verification.
c) As a precautionary measure, the USB drive may be scanned on the plant
system as soon as the device is plugged in.
d) If the purpose of the exchange is only to copy data to the plant system, the
USB device shall be kept in read-only mode until unplugged from the plant
system.

10.7 When copying data from a plant system, the following shall be applied:
a) the USB drive shall be plugged into the plant system as soon as it is
unplugged from the IT workstation. The device shall NOT be plugged into
any other system in between.
b) As a precautionary measure, the USB drive may be scanned on the plant
system when it is plugged in.
c) The USB read-only mode shall be deactiviated to facilitate data exchange
until data transfer ends.

11 Removable Media Transport

The requirements set forth in this section are in line with ISO/IEC 27002:

11.1 Media containing information shall be protected against unauthorized access,

misuse or corruption during transportation outside controlled areas.

11.2 While in transit, handling and packaging shall be sufficient to protect the
contents from any physical damage.

11.3 When transporting removable media outside the facility, a log shall be kept
maintaining the following information:
 The content of the media.
 The protection applied.
 Time of transfer to the transit custodian(s).
 The recipient at the destination.

12 Removable Media Disposal

The requirements set forth in this section are in line with ISO/IEC 27002:

12.1 All sensitive data and licensed software shall be removed or securely
overwritten prior to removable media disposal.

Page 13 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

12.2 Standard delete and format function are NOT sufficient measures for destroying
confidential data.

12.3 Removable media shall be disposed of in a secure manner, when no longer required.

12.4 Follow GI-0299.120 “Sanitization and Disposal of Saudi Aramco Electronic

Storage Devices and Obsolete/Unneeded Software” for proper disposal of
removable media.

12.5 Disposal of media carrying sensitive content shall be logged in order to maintain
an audit trail.

12.6 A formal risk assessment shall be conducted, as per SAEP-707, for damaged
storage media carrying sensitive information in order to decide whether to
physically destroy the media, send for repair or discard.

13 Vendors’ Removable Media Devices

13.1 Vendors/contractors shall not use their own USB storage devices on any plant
system.

13.2 When needed, authorized plant personnel should provide a company-owned

USB storage device(s) to vendors for their use on the facility.

13.3 Vendor-provided data shall be transferred to company-owned USBs through an

intermediate workstation, i.e., an IT workstations.

13.4 Company-provided USB storage devices shall NOT be plugged into a vendor
system, or any other external system. Refer to 13.3 in order to copy vendor data
to a plant’s USB.

13.5 Company-owned USB storage devices used by vendors shall be handed over
once the vendor completes the required task(s). PAN admins shall track storage
media assignments to 3rd party personnel. The USB device need to be scanned
for malware threats, on an IT workstation, once the task is concluded.

13.6 Any other form of removable media, provided by vendors, shall be scanned, for
malware threats, on a corporate workstation before being used on a plant system.

14 Documentation

All practices related to removable media usage on Process Automation Systems that are
mentioned in this document shall be properly documented for accountability and tracking
purposes. All process automation system configurations detailed in this document shall
be performed and proper documentation shall be kept for future references.

Page 14 of 15
Document Responsibility: Plants Networks Standards Committee SAEP-98
Issue Date: 4 November 2015
Next Update: 4 November 2018 Removable Media Usage for Process Automation Systems

Revision Summary
29 October 2015 New Saudi Aramco Engineering Procedure that govern the use of removable media for data
exchange within the various Process Automation Systems (PAS) inside a plant and/or
between PAS and external systems. It establishes the minimum requirements for the proper
use of removable media devices for manual plant data exchange purposes.

Page 15 of 15