UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DCFA-1 Functional Architecture for AIS Applications


Overview

For AIS applications, a functional architecture that identifies the following has been developed and is maintained: - all external interfaces, the information being exchanged, and the protection mechanisms associated with each interface - user roles required for access control and the access privileges assigned to each role (See ECAN) - unique security requirements (e.g., encryption of key data elements at rest) - categories of sensitive information processed or stored by the AIS application, and their specific protection plans (e.g., Privacy Act, HIPAA) - restoration priority of subsystems, processes, or information (See COEF).

MAC / CONF Impact Subject Area
MACI
MACII
MACIII
Medium Security Design and Configuration

Details

Threat
Information systems without proper architectural documentation may be difficult to troubleshoot in a timely manner.  Additionally, continuity of operations is seriously degraded when system architecture is undocumented.  Having complete and accurate functional documentation for an AIS application architecture ensures all unique aspects are captured.

Guidance
1. Each Component shall identify standard and unique characteristics of their AIS applications to develop a functional architecture that identifies the following:
a. All external interfaces, the information being exchanged, and the protection mechanisms associated with each interface;
b. User roles required for access control and the access privileges assigned to each role (See ECAN);
c. Unique security requirements (e.g., encryption of key data elements at rest);
d. Categories of sensitive information processed or stored by the AIS application, and their specific protection plans (e.g., Privacy Act, HIPAA); and
e. Restoration priority of subsystems, processes, or information (See COEF).
2. Components shall maintain and keep current their functional architecture documentation through disposal.

References

  • DoDI 8500.2, Information Assurance (IA) Implementation, 06 February 2003