DSN systems are not registered in the DISA VMS

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7924	DSN02.01	SV-8410r1_rule	ECND-1 ECND-2 ECSC-1	Low

Description
Requirement: The IAO will ensure that all DISA owned and operated DSN critical assets are registered with the DISA/DoD VMS as follows: - All backbone switches (TSs, STPs, MFSs) - All other switches (EOs, SMEOs, PBX1s, PBX2s and RSUs) owned by DISA - All components of the ADIMSS - All components of auxiliary/adjunct or peripheral systems owned by DISA - All TSs or MFSs owned and operated by DOD components Exception: This requirement is not applicable to systems owned, operated, and maintained by DOD components other than DISA such as EOs, SMEOs, PBX1s, PBX2s and RSUs or their OAM&P and auxiliary/adjunct or peripheral systems. See DSN02.02 below.The DISA/DoD VMS in conjunction with JTF-GNO sends out notifications on vulnerabilities (IAVMs) as they are discovered in commercial and military information infrastructures. If DSN assets and their SAs are not registered with the DISA/DoD VMS,, administrators will not be notified of important vulnerabilities such as viruses, denial of service attacks, system weaknesses, back doors and other potentially harmful situations.

Description

Requirement: The IAO will ensure that all DISA owned and operated DSN critical assets are registered with the DISA/DoD VMS as follows: - All backbone switches (TSs, STPs, MFSs) - All other switches (EOs, SMEOs, PBX1s, PBX2s and RSUs) owned by DISA - All components of the ADIMSS - All components of auxiliary/adjunct or peripheral systems owned by DISA - All TSs or MFSs owned and operated by DOD components Exception: This requirement is not applicable to systems owned, operated, and maintained by DOD components other than DISA such as EOs, SMEOs, PBX1s, PBX2s and RSUs or their OAM&P and auxiliary/adjunct or peripheral systems. See DSN02.02 below.The DISA/DoD VMS in conjunction with JTF-GNO sends out notifications on vulnerabilities (IAVMs) as they are discovered in commercial and military information infrastructures. If DSN assets and their SAs are not registered with the DISA/DoD VMS,, administrators will not be notified of important vulnerabilities such as viruses, denial of service attacks, system weaknesses, back doors and other potentially harmful situations.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7305r1_chk )
Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text (F-7988r1_fix)
Comply with policy. Register all assets and their SAs in the DISA/DoD VMS that are required to be registered.