V-8515 | High | A SMU component is not installed in a controlled space with visitor access controls applied. | Requirement: The IAO at the SMU site will ensure that the SMU has adequate physical security protection.
The system design and architecture of the SMU provides for no security configuration... |
V-7960 | High | Management access points (i.e. administrative/maintenance ports, system access, etc.) are not protected by requiring a valid username and a valid password for access. | A valid username and a valid password are required to access all management system workstations and administrative / management ports on any device or system.
All system... |
V-7957 | High | Default passwords and user names have not been changed. | Requirement: The IAO will ensure that all system default passwords and user names are changed prior to connection to the DSN.
Systems not protected with strong... |
V-8519 | Medium | Foreign/Local National personnel hired by a base/post/camp/station for the purpose of operating or performing OAM&P / NM functions on DSN switches and subsystems have not been vetted through the normal process for providing SA clearance as dictated by the local Status of Forces Agreement (SOFA). | Requirement: The IAO and IAM will ensure that all Foreign/Local National personnel hired by a base/post/camp/station for the purpose of operating or performing OAM&P / NM functions on DSN switches... |
V-8518 | Medium | An OOB Management DOES NOT comply with the Enclave and/or Network Infrastructure STIGs. | Requirement: The IAO will ensure that out-of-band management networks comply with the Enclave and Network Infrastructure STIGs.
out-of-band management networks must comply with the requirements... |
V-8513 | Medium | The ADIMSS server connected to the SMU is NOT dedicated to ADIMSS functions. | Requirement: The IAO at the SMU site will ensure that the ADIMSS server connected to the SMU is dedicated to ADIMSS functions. ADIMSS servers represent mission critical equipment that contain... |
V-8512 | Medium | The SMU management port or management workstations is improperly connected to a network that is not dedicated to management of the SMU. | Requirement: The IAO at the SMU site will ensure that the SMU management port or stations are not connected to any network other than one dedicated to management of the SMU. The system design and... |
V-8517 | Medium | OOB management network are NOT dedicated to management of like or associated systems | Requirement: The IAO will ensure that network connected switch and device management ports are connected to a network dedicated to management of the device only and/or that of other associated... |
V-8516 | Medium | Network management/maintenance ports are not configured to “force out” or drop any user session that is interrupted for more than 15 seconds. | Requirement: The IAO will ensure that network connected management ports drop a connection that is interrupted for any reason within 15 seconds.
Network ports that are interrupted due to link... |
V-7970 | Medium | Crash-restart vulnerabilities are present on the DSN system component. | Requirement: The IAO will ensure that tests are performed for crash-restart vulnerabilities and develop procedures to eliminate vulnerabilities found (i.e., ensure ENHANCED_PASSWORD_CONTROL is... |
V-7971 | Medium | The DSN system component is not installed in a controlled space with visitor access controls applied. | Requirement: The IAO will ensure that DSN switches, peripheral, and OAM&P systems are installed in a controlled space with personnel and visitor access controls applied.
Controlling access to the... |
V-7972 | Medium | Documented procedures do not exist that will prepare for a suspected compromise of a DSN component. | Requirement: The IAO will ensure that compromise recovery procedures are documented that will accomplish the following:
- Verify the integrity of the hardware, software, and communication lines... |
V-7973 | Medium | Audit records are NOT stored in an unalterable file and can be accessed by individuals not authorized to analyze switch access activity. | Requirement: The IAO will ensure that auditing records are placed in an unalterable audit or history file that is available only to those individuals authorized to analyze switch access and... |
V-7974 | Medium | Audit records do not record the identity of each person and terminal device having access to switch software or databases. | Requirement: The IAO will ensure that the auditing process records the identity of each person and terminal device having access to switch software or databases.
The identity... |
V-7975 | Medium | Audit records do not record the time of the access. | Requirement: The IAO will ensure that the auditing process records the time of the access.
The time of access needs to be recorded in the audit files to determine... |
V-7976 | Medium | The auditing records do not record activities that may change, bypass, or negate safeguards built into the software. | Requirement: The IAO will ensure that the auditing process records commands, actions, and activities executed during each session that might change, bypass, or negate safeguards built into the... |
V-7977 | Medium | Audit record archive and storage do not meet minimum requirements. | Requirement: The IAO will ensure that audit records (files) are stored on-line for 90 days and off-line for an additional 12 months.
Audit records provide the means for the ISSO/IAO or other... |
V-7978 | Medium | Audit records are not being reviewed by the ISSO/IAO weekly. | Requirement: The IAO will ensure that audit records (files) are stored on-line for 90 days and off-line for an additional 12 months.
By reviewing audit records on a... |
V-7979 | Medium | An Information Systems Security Officer/Information Assurance Officer (ISSO/IAO) is not designated for each telecommunications switching system or DSN Site. | Requirement: The DSN Program Management Office (PMO) or local site command/management, as appropriate, will document and ensure that an IAO is designated to oversee the IA posture and security of... |
V-8560 | Medium | Access to all management system workstations and administrative / management ports is NOT remotely authenticated | Requirement: The IAO will ensure that remote authentication is used to control access to all management system workstations and administrative / management ports on any device or system.
The... |
V-7969 | Medium | The system is not configured to disable a users account after three notifications of password expiration. | Requirement: The IAO will ensure that users will be prompted by the system three times to change their passwords before or after the password has reached the maximum password lifetime. If the... |
V-7967 | Medium | User passwords are displayed in the clear when logging into the system. | Requirement: The IAO will ensure that users’ passwords are not displayed in the clear when logging into the system.
When passwords are displayed (echoed) during... |
V-7966 | Medium | User passwords can be retrieved and viewed in clear text by another user. | Requirement: The IAO will ensure that users’ passwords are not displayed in the clear when logging into the system.
Password integrity is non existent if passwords are... |
V-7965 | Medium | The ISSO/IAO has not recorded the passwords of high level users (ADMIN) used on DSN components and stored them in a secure or controlled manner. | Requirement: The IAO will ensure that no user (to include Administrator) is permitted to retrieve the password of any user in clear text.
Passwords should be recorded and... |
V-7963 | Medium | Users are permitted to change their passwords at an interval of less than 24 hours without ISSO/IAO intervention. | Requirement: The IAO will ensure that NO user passwords will be changed at an interval of less than 24 hours without IAO intervention.
Permitting passwords... |
V-7962 | Medium | Maximum password age does not meet minimum requirements. | Requirement: The IAO will ensure that all user passwords are changed at intervals of 90 days or less.
The longer a password is in use, the greater the opportunity for... |
V-7992 | Medium | Authentication is not required for every session requested. | Requirement: The IAO will ensure that identification and authentication is required for every session requested in accordance with I&A / password policy.
Authentication is a measure used to... |
V-7990 | Medium | Modem phone lines are not restricted to single-line operation. | Requirement: The IAO will ensure that all modem phone lines are restricted to single-line operation without any special features such as the call forwarding capability.
By restricting modem phone... |
V-7996 | Medium | Administrative/maintenance ports are not being controlled by deactivating or physically disconnecting remote access devices when not in use. | Requirement: The IAO will ensure that serial management ports are controlled by deactivating or physically disconnecting access devices (i.e. modems or terminals) that are not in use.
The... |
V-7997 | Medium | Idle connections DO NOT disconnect in 15 min. | Requirement: The IAO will ensure that a timeout feature, set to 15 minutes, is used to disconnect idle connections.
Unattended systems are susceptible to unauthorized use. The system should be... |
V-7998 | Medium | The DSN component is not configured to be unavailable for 60 seconds after 3 consecutive failed logon attempts. | Requirement: The IAO will ensure that management ports that receive three consecutive failed logon attempts will be unavailable for at least 60 seconds.
After three failed logon attempts the... |
V-8338 | Medium | IAVMs are not addressed using RTS system vendor approved or provided patches. | Requirement: The IAO will ensure that all IAVM notices relating to the installation of security or other patches for general-purpose operating systems and software on devices other than... |
V-8541 | Medium | An OAM&P / NM or CTI network DOES NOT comply with the Enclave and/or Network Infrastructure STIGs. | Requirement: The IAO will ensure that OAM&P / NM and CTI networks comply with the Enclave and Network Infrastructure STIGs.
OAM&P / NM and CTI networks must comply with the requirements... |
V-8542 | Medium | An OAM&P / NM and CTI network/LAN is connected to the local general use (base) LAN without appropriate boundary protection. | Requirement: The IAO will ensure that OAM&P / NM and CTI networks are not connected to the local general use (base) WAN.
The requirement to dedicate OAM&P / NM and CTI networks or LANS is... |
V-8543 | Medium | Voice/Video/RTS devices located in SCIFs do not prevent on-hook audio pick-up and/or do not have a speakerphone feature disabled or are not implemented in accordance with DCID 6/9 or TSG Standard 2. | Requirement: In the event that a telephone instrument connected to an unclassified telecommunications system are placed within a Sensitive Compartmented Information Facility (SCIF), the IAO will... |
V-8544 | Medium | An OAM&P / NM and CTI network/LAN is connected to the local general use (base) LAN without appropriate boundary protection. | Requirement: The IAO will ensure that OAM&P / NM and CTI networks are not connected to the local general use (base) LAN.
The requirement to dedicate OAM&P / NM and CTI networks or LANS is to... |
V-8545 | Medium | OAM&P / NM and CTI networks are NOT dedicated to the system that they serve in accordance with their separate DSN APL certifications. | Requirement: The IAO will ensure that out-of-band OAM&P / NM and CTI networks are dedicated to the system that they serve in accordance with their separate DSN APL certifications. CTI networks may... |
V-8546 | Medium | The auditing process DOES NOT record security relevant actions such as the changing of security levels or categories of information | Requirement: The IAO will ensure that the auditing process records security relevant actions (e.g., the changing of security levels or categories of information).
Security... |
V-7980 | Medium | Site personnel have not received the proper security training and/or are not familiar with the documents located in the security library. | Requirement: The IAO will ensure that personnel are familiar with the security practices outlined by applicable documents found in the site’s library and have received the appropriate security... |
V-7983 | Medium | Site staff does not verify and record the identity of individuals installing or modifying a device or software. | Requirement: The IAO will ensure that site staff will verify and record the identity of individuals installing or modifying a device or software.
The identity of individuals performing software... |
V-7982 | Medium | System administrators are NOT appropriately cleared. | Requirement: The IAO will ensure that all System Administrators are appropriately cleared.
In order to maintain positive control over personnel access to DSN system components, all who are... |
V-7985 | Medium | Site staff does not ensure backup media is available and up to date prior to software modification. | Requirement: The IAO will ensure that site staff will ensure back-up media is available and up-to-date prior to software modification that could cause a significant disruption to service if the... |
V-7984 | Medium | System images are not being backed up on a weekly basis to the local system and a copy is not being stored on a removable storage device and/or is not being stored off site. | Requirement: The IAO will ensure that systems will be backed up on a weekly basis to the local system and a copy will be stored, off site, on a removable storage device by the Switch... |
V-7987 | Medium | A detailed listing of all modems is not being maintained. | Requirement: The IAO will maintain a listing of all modems by model number, serial number, associated phone number, and location.
Ensure an accurate listing of all modems supporting the DSN is... |
V-7986 | Medium | Modems are not physically protected to prevent unauthorized device changes. | Requirement: The IAO will ensure that all modems are physically protected to prevent unauthorized device changes.
Controlling physical access to modems supporting the DSN will limit the chance... |
V-7989 | Medium | Modem phone lines are not restricted and configured to their mission required purpose (i.e. inward/outward dial only). | Requirement: The IAO will ensure that all modem phone lines are restricted and configured to their mission required purpose (inward dial only or outward dial only).
Ubiquitous phone lines open... |
V-7988 | Medium | Unauthorized modems are installed. | Modems that are not provided by the Government for access to the DSN will not be allowed to connect to the DSN for access. No personally provided modems are permitted. This measure will assist... |
V-16076 | Medium | Deficient Policy or SOP regarding VTC, PC, and speakerphone microphone operations regarding their ability to pickup and transmit sensitive or classified information in aural form. | Microphones used with VTC systems and devices are designed to be extremely sensitive such that people speaking anywhere within a conference room is picked up and amplified so they can be heard... |
V-8559 | Medium | Strong two-factor authentication is NOT used to access all management system workstations and administrative / management ports on all devices or systems | Requirement: The IAO will ensure strong two-factor authentication is required to access all management system workstations and administrative / management ports on any device or system. The term... |
V-8558 | Medium | System administrative and maintenance users are assigned accounts with privileges that are not commensurate with their assigned responsibilities. | Requirement: The IAO will ensure that all systems and devices employ a role-based Discretionary Access Control system used to control access to OAM&P / NM systems, the devices they manage, and... |
V-8345 | Medium | A Voice/Video/RTS system is in operation but is not listed on the DSN APL nor is it in the process of being tested. | Requirement: The IAO will ensure that all installed systems and associated software releases for which he/she is responsible appear on the DSN APL in accordance with DODI 8100.3 requirements. This... |
V-8225 | Medium | Voice/Video Telecommunications infrastructure components (traditional TDM, VVoIP, or VTC) are not housed in secured or “controlled access” facilities with appropriate classification level or appropriate documented access control methods. | Controlling physical access to telecommunications infrastructure components is critical to assuring the reliability of the voice network and service delivery. Documenting or logging physical... |
V-7936 | Medium | Applicable security packages have not been installed on the system. | Requirement: The IAO will ensure that all applicable security feature packages have been installed on the system to enable the required security features.
In order for the requirements of this... |
V-7937 | Medium | The IAO DOES NOT ensure that all temporary Foreign/Local National personnel given access to DSN switches and subsystems for the purpose of installation and maintenance, are controlled and provided direct supervision and oversight (e.g., escort) by a knowledgeable and appropriately cleared U.S. citizen. | Requirement: The IAO will ensure that all temporary Foreign/Local National personnel given access to DSN switches and subsystems for the purpose of installation and maintenance, is controlled and... |
V-7930 | Medium | Switch administration, ADIMSS, or other Network Management terminals are not located on a dedicated LAN. | All Network Management and switch administration terminals connecting to the DSN are to be through a dedicated DSN network segment. Only authorized systems will be connected to this LAN. No... |
V-7931 | Medium | Network Management routers located at switch sites are not configured to provide IP and packet level filtering/protection. | Requirement: The IAO will ensure that routers that provide remote connectivity to out-of-band management networks located at switch sites provide IP and packet level filtering/protection.
All... |
V-7932 | Medium | Administration terminals are used for other day-to-day functions (i.e. email, web browsing, etc). | Requirement: The IAO will ensure that OAM&P / NM and CTI system workstations are not used for other day-to-day functions (i.e., e-mail, web browsing, etc). ... |
V-7933 | Medium | Switch Administration terminals do not connect directly to the switch administration port or connect via a controlled, dedicated, out of band network used for switch administration support. | Requirement: The IAO will ensure that switch/device administration terminals are connected directly to the administration port of the switch/device or are connected via an out-of-band network used... |
V-7923 | Medium | The ISSO/IAO does not ensure that administration and maintenance personnel have proper access to the facilities, functions, commands, and calling privileges required to perform their job. | Requirement: The IAO will ensure that internal and external administrator/maintenance personnel have appropriate but limited access to the facilities, functions, commands, and calling privileges... |
V-8531 | Medium | The latest software loads and patches are NOT applied to all systems to take advantage of security enhancements. | Requirement: The IAO will ensure that the latest software loads and patches are applied to all systems to take advantage of security enhancements.
Many vendors provide patches or new versions of... |
V-8532 | Medium | Maintenance and security patches are NOT approved by the local DAA prior to installation in the system | Requirement: The IAO will ensure that maintenance and security patches that are applied to a system are approved by the local DAA before installation.
All patches and new system software must be... |
V-8535 | Medium | Major software version upgrades have NOT been tested, certified, and placed on the DSN APL before installation. | Requirement: The IAO will ensure that major software version upgrades have been tested, certified, and placed on the DSN APL before installation.
All new system major software releases must be... |
V-7926 | Medium | The ISSO/IAO and ISSM/IAM, in coordination with the SA, will be responsible for ensuring that all IAVM notices are responded to within the specified time period. | Requirement: The IAO will ensure that all IAVM notices are responded to within the time period specified within the notice.
The JTF-GNO (DoD CERT) automatically sends out IAVM notices that affect... |
V-8539 | Medium | A policy is NOT in place and/or NOT enforced regarding the use of unclassified telephone/RTS instruments located in areas or rooms where classified meetings, conversations, or work normally occur. | Requirement: The IAO will ensure that a policy is in place and enforced regarding the use of telephone instruments connected to unclassified telecommunications systems located in areas or rooms... |
V-7956 | Medium | Users are not required to change their password during their first session. | Requirement: The IAO will ensure that user passwords are assigned with the requirement for the user to change their password at first logon.
The ISSO/IAO will... |
V-7952 | Medium | A DoD VoIP system, device, or network is NOT configured in compliance with all applicable STIGs or the appropriate STIGs have not been applied to the fullest extent possible. | Requirement: Voice Over IP systems and networks will comply with the DSN, VoIP, and all other applicable STIGs as well as other applicable DOD Component guides.
The applicable STIGs define threat... |
V-7953 | Medium | Transport circuits are not encrypted. | Requirement: The IAO will ensure that all circuits leaving the B/C/P/S are bulk encrypted.
The transport system is responsible for the delivery of voice and data circuits from one switch node to... |
V-7950 | Medium | Links within the SS7 network are not encrypted. | Requirement: The IAO will ensure that all SS7 links leaving a base/post/camp/station are encrypted.
The examination of traffic patterns and statistics can reveal compromising information. Such... |
V-8520 | Medium | Foreign/Local National personnel have duties or access privileges that exceed those allowed by DODI 8500.2 E3.4.8. | Requirement: The IAO and IAM will ensure that all Foreign/Local National personnel hired by a base/post/camp/station for the purpose of operating or performing OAM&P / NM functions on DSN switches... |
V-7958 | Medium | Shared user accounts are used and not documented by the ISSO/IAO. | Requirement: The IAO will ensure that shared user accounts will not be used. Unless the use of shared user accounts is operationally essential and/or the device in question does not support... |
V-8514 | Low | The SMU ADIMSS connection is NOT dedicated to the ADIMSS network | Requirement: The IAO at the SMU site will ensure that the SMU ADIMSS connection is dedicated to the ADIMSS network. In addition to the administrator terminal connection, a secondary connection is... |
V-7944 | Low | Privilege authorization, Direct Inward System Access and/or Voice Mail special authorization codes or individually assigned PINS are not changed when compromised. | Requirement: The IAO will ensure that all Voice Mail (and/or Privilege authorization, Direct Inward System Access) special authorization codes or individually assigned PINs are changed immediately... |
V-7941 | Low | The Direct Inward System Access feature and/or access to Voice Mail is not controlled by either class of service, special authorization code, or PIN. | Requirement: The IAO will ensure that either class of service, special authorization code or PIN controls access to Voice Mail services.
If used, the Direct Inward System Access feature provides... |
V-7943 | Low | Personal Identification Numbers (PIN) assigned to special subscribers used to control Direct Inward System Access and Voice Mail services are not being controlled like passwords and deactivated when no longer required. | The PIN used to control access to the DISA feature should be controlled much like a special access code or password. If this PIN is not changed periodically and deactivated when no longer... |
V-7942 | Low | Direct Inward System Access and Voice Mail access codes are not changed semi-annually. | Requirement: The IAO will ensure that if Voice Mail services are controlled by special authorization code, this code will be controlled and changed semi-annually.
The special access code used by... |
V-8000 | Low | DSN system components must display the Standard Mandatory DoD Notice and Consent Banner exactly as specified prior to logon or initial access. | The operating system and remotely accessed information systems are required to display the DoD-approved system use notification message or banner before granting access to the system that provides... |
V-7964 | Low | Password reuse is not set to 8 or greater. | Requirement: The IAO will ensure that user passwords are not reused within eight of the previous passwords used. As a minimum.
A system is more vulnerable to... |
V-7961 | Low | Passwords do not meet complexity requirements. | Requirement: The IAO will ensure that passwords are required and contain at a minimum, a case sensitive, eight-character mix of upper-case letters, lower-case letters, numbers, and special... |
V-7993 | Low | The option to use the “callback” feature for remote access is not being used. | Requirement: The IAO will ensure that modem access to remote management ports incorporates the “callback” feature where technically feasible.
The callback feature ensures that pre-authorized user... |
V-7999 | Low | Serial management/maintenance ports are not configured to “force out” or drop any interrupted user session. | Requirement: The IAO will ensure that serial management ports immediately drop any connection that is interrupted for any reason. Reasons include modem power failure, link disconnection, loss of... |
V-8339 | Low | DoD voice/video/RTS information system assets and vulnerabilities are not tracked and managed using any vulnerability management system as required by DoD policy. | Requirement: The IAO will ensure that all systems including switches, OAM&P systems, auxiliary/adjunct, and peripheral systems connected to the DSN along with their SAs are registered and tracked... |
V-7981 | Low | The ISSO/IAO does not maintain a DSN Personnel Security Certification letter on file for each person involved in DSN A/NM duties. | A DSN Personnel Security Certification letter will provide documented proof that site personnel have attended and successfully passed a security training and awareness program. This program will... |
V-8556 | Low | All system administrative and maintenance user accounts are not documented. | Requirement: The IAO will document all system administrative and maintenance user accounts.
It is imperative that the IAO and SA is aware of all administrative and maintenance... |
V-8554 | Low | The available option of Command classes or command screening is NOT being used to limit system privileges | Requirement: The IAO will ensure that devices that are capable of command screening or command classes are configured to use this feature in conjunction with DAC.
Input... |
V-8346 | Low | A Voice/Video/RTS system or device is NOT installed according to the deployment restrictions and/or mitigations contained in the IA test report, Certifying Authority’s recommendation and/or DSAWG approval documentation. | Requirement: The IAO will ensure that products or software releases are installed and maintained in accordance with all applicable STIGs AND the installation restrictions and vulnerability... |
V-8340 | Low | A DoD Voice/Video/RTS system or device is NOT configured in compliance with all applicable STIGs or the appropriate STIGs have not been applied to the fullest extent possible. | Requirement: The IAO will ensure that all systems connected to DOD telecommunications systems that use technologies covered by a DISA/DOD STIG, is secured in compliance with the applicable STIG(s)... |
V-8341 | Low | The purchase / maintenance contract, or specification, for the Voice/Video/RTS system under review does not contain verbiage requiring compliance and validation measures for all applicable STIGs. | Requirement: The DSN PMO and/or site command/management will ensure that “compliance with all applicable STIGs” requirements and validation measures are added to specifications and contracts for... |
V-7934 | Low | Attendant console ports are available to unauthorized users by not allowing any instrument other than the Attendant console to connect to the Attendant console port. | Requirement: The IAO will ensure that attendant console ports will not be available to unauthorized users by not allowing any instrument other than the attendant console to connect to the... |
V-7935 | Low | The ISSO/IAO has not established Standard Operating Procedures. | Requirement: The IAO will establish a standard operating procedure (SOP) or other form of record that will accomplish the following:
- Identify and document all users, administrators, maintainers,... |
V-8352 | Low | The voice or video system certification and accreditation must be maintained to reflect the installation or modification of the system configuration. | The DSN system is certified and accredited per the DoD Risk Management Framework (RMF) either separately or as part of a larger site accreditation. Previous to the DoD RMF, the DoD Information... |
V-7925 | Low | System Administrators (SAs) responsible for DSN information systems are not registered with the DISA VMS. | Requirement: The IAO will ensure that all Switch and System Administrators (SAs) responsible for VMS registered DSN critical assets will also be registered with the VMS. This includes non DISA... |
V-7922 | Low | The sites telephone switch is not frequently monitored for changing calling patterns and system uses for possible security concerns. | Requirement: The IAO will ensure that the site’s telephone switch is frequently monitored for changing calling patterns and system uses for possible security concerns.
Changing calling patterns... |
V-7921 | Low | The IAO does not conduct and document self-inspections of the DSN components at least semi-annually for security risks. | Requirement: The IAO will ensure that self-inspections of the telephone components, are conducted and documented for security risks at least semi annually.
If periodic security self-inspections... |
V-7924 | Low | DSN systems are not registered in the DISA VMS | Requirement: The IAO will ensure that all DISA owned and operated DSN critical assets are registered with the DISA/DoD VMS as follows:
- All backbone switches (TSs, STPs, MFSs)
- All other... |
V-55025 | Low | DSN system components Standard Mandatory DoD Notice and Consent Banner must be acknowledged by the user prior to logon or initial access. | The operating system and remotely accessed information systems are required to display the DoD-approved system use notification message or banner before granting access to the system that provides... |
V-7954 | Low | Physical access to commercial Add/Drop Multiplexers (ADMs) is not restricted. | Requirement: The IAO or other responsible party will ensure that the physical access to commercial Add/Drop Multiplexers (ADMs) is limited.
Transport equipment to include ADMs may be located in... |
V-7955 | Low | The ISSO/IAO does not maintain a library of security documentation. | Requirement: The site IAO will maintain an up-to-date library to include, at a minimum.
- CJCSI 6215.01B, 23SEP01, Policy For Department Of Defense Voice Networks
- CJCSM 6510.01, 15 MAR02,... |
V-7959 | Low | The option to disable user accounts after 30 days of inactivity is not being used. | Requirement: The IAO will ensure that user accounts are disabled after 30 days of inactivity.
User accounts that are inactive for more than 30 days should be disabled... |
V-7945 | unknown | Equipment, cabling, and terminations that provide emergency life safety services such as 911 (or European 112) services and/or emergency evacuation paging systems are NOT clearly identified and marked. | Requirement: The IAO will ensure that all equipment that provides emergency life safety services such as 911 services is clearly identified.
The availability of systems supporting emergency life... |
V-7947 | unknown | The SS7 termination blocks are not clearly identified at the MDF. | Requirement: The IAO will ensure that the SS7 termination blocks are clearly identified at the MDF.
The A links that connect an SSP to the STPs need to be clearly identified and routed diversely... |
V-7946 | unknown | SS7 links are not clearly identified and routed separately from termination point to termination point. | Requirement: The IAO will ensure that all SS7 Links are clearly identified and redundant links are diversely routed from termination point to termination point.
The A links that connect an SSP to... |
V-7940 | unknown | The option to restrict user access based on duty hours is available but is not being utilized. | Requirement: The IAO will ensure that user access is restricted based on duty hours, where technically feasible.
The restriction of user access by limiting access... |
V-7949 | unknown | Power cabling that serves SS7 equipment is not clearly identified at both the termination point and at the fusing position. | Requirement: The IAO will ensure that the power cabling serving SS7 equipment is clearly identified at both the termination point and at the fusing position.
The power cabling serving SS7... |
V-7948 | unknown | Power cabling that serves SS7 equipment is not diversely routed to separate Power Distribution Frames (PDF) and identified. | Requirement: The IAO will ensure that the power cabling serving SS7 equipment is diversely routed to separate and redundant PDFs.
The power cabling of the SS7 equipment needs to be routed... |
V-7968 | unknown | The option to use passwords that are randomly generated by the DSN component is available but not being used. | Requirement: The IAO will ensure that users will be prompted by the system three times to change their passwords before or after the password has reached the maximum password lifetime. If the... |
V-7991 | unknown | The option of Automatic Number Identification (ANI) is available but not being used. | Requirement: The IAO will ensure that Automatic Number Identification (ANI) is enabled on modem lines to record access to remote access ports if this function is available. The IAO, or authorized... |
V-7994 | unknown | FIPS 140-2 validated Link encryption mechanisms are not being used to provide end-to-end security of all data streams entering the remote access port of a telephone switch. | Requirement: The IAO will ensure that a FIPS 140-2 validated encryption mechanism is used to provide security of all data streams between the management port of the DSN component and a remote... |
V-7995 | unknown | The option to use two-factor authentication when accessing remote access ports is not being used. | Requirement: The IAO will ensure that remote access ports require two-factor authentication. This is defined as requiring something along the lines of a token in addition to a User ID and password... |
V-8347 | unknown | A Voice/Video/RTS system or device is NOT installed in the same configuration and being used for the same purpose that was tested for prior to DSAWG approval and DSN APL listing. | Requirement: The IAO will ensure that systems are implemented using the configuration that was approved and for the approved purpose. Alternate configurations and purposes must be resubmitted for... |
V-8342 | unknown | The DAA, IAM, IAO, or SA for the system DOES NOT enforce contract requirements for STIG compliance and validation | Requirement: The IAO will ensure that commercially contracted (leased or procured) systems and services supporting the DSN comply with all applicable STIGs in accordance with contract... |
V-8348 | unknown | The requirement of DSN APL listing is not being considered during the procurement, installation, connection, or upgrade to the site’s Voice/Video/RTS infrastructure. | Requirement: The DSN PMO, DOD Component command, site command/management, or the IAO will ensure that products being considered for procurement, installation, connection, or upgrade to the DSN are... |
V-8537 | unknown | There is no system installed that can provide emergency life safety or security announcements | Requirement: The IAO should ensure that a system is installed to provide emergency announcements and messages in accordance with public law in response to 11 September 2001 and/or local building... |