UCF STIG Viewer Logo

The IAO does not conduct and document self-inspections of the DSN components at least semi-annually for security risks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7921 DSN01.01 SV-8407r1_rule ECMT-1 ECMT-2 ECSC-1 Low
Description
Requirement: The IAO will ensure that self-inspections of the telephone components, are conducted and documented for security risks at least semi annually. If periodic security self-inspections are not conducted, vulnerabilities could go unnoticed during day to day operations resulting in an unacceptable level of risk that could lead to possible compromise. By conducting security self-inspections, security risks can be identified, analyzed, and if not mitigated, appropriately addressed.
STIG Date
Defense Switched Network STIG 2015-01-02

Details

Check Text ( C-7302r1_chk )
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable
Fix Text (F-7965r1_fix)
Establish policy and procedures to ensure that, at a minimum, semi-annual security self-inspections are conducted.