UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DCSR-3 Specified Robustness – High


Overview

Only high-robustness GOTS or COTS IA and IA-enabled IT products are used to protect classified information when the information transits networks that are at a lower classification level than the information being transported. High-robustness products have been evaluated by NSA or in accordance with NSA-approved processes. COTS IA and IA-enabled IT products used for access control, data separation or privacy on classified systems already protected by approved high-robustness products at a minimum, satisfy the requirements for basic robustness. If these COTS IA and IA-enabled IT products are used to protect National Security Information by cryptographic means, NSA-approved key management may be required.

MAC / CONF Impact Subject Area
CLASSIFIED High Security Design and Configuration

Details

Threat
Utilizing GOTS or COTS IA and IA-enabled IT products that are designated at a lower robustness then is required will increase network vulnerability by not adequately protecting DoD data and information systems.  By adhering to robustness requirements, organizations can be confident that they are applying the appropriate level of protection to their network.

Guidance
1. Use high-robustness GOTS or COTS IA and IA-enabled IT products to protect classified information when the information transits networks at a lower classification level than the information being transported. *
2. Ensure all High-robustness designated products have been evaluated by NSA in accordance with NSA-approved processes. *
3. COTS IA and IA-enabled IT products used for access control, data separation or privacy on classified systems already protected by approved high-robustness products at a minimum, satisfy the requirements for basic robustness. If these COTS IA and IA-enabled IT products are used to protect National Security Information by cryptographic means, NSA-approved key management may be required. *
 
* Note: These requirement are more stringent than DCSR-2

References

  • DoD CIO Guidance and Policy Memorandum No. 6-8510, DoD GIG IA, 16 June 2000
  • CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
  • DoDI 8500.2, Information Assurance Implementation, para. E3.2.4.3, .1, .2, 06 February 2003
  • Information Assurance Technical Framework, Appendix E IATF Release 3.1. September 2002