An Information Systems Security Officer/Information Assurance Officer (ISSO/IAO) is not designated for each telecommunications switching system or DSN Site.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7979	DSN16.01	SV-8465r1_rule	DCSD-1 PECF-1	Medium

Description
Requirement: The DSN Program Management Office (PMO) or local site command/management, as appropriate, will document and ensure that an IAO is designated to oversee the IA posture and security of each switch, site, system, and facility. The IAO will have the proper training and clearance level as directed by DODI 8500.2 E3.4.8. The DSN PMO should maintain documentation regarding IAO assignments for all sites and/or systems in the inventory. The DSN IAO may have responsibility for systems other than DSN systems and may be responsible for remote sites attached to his/her main site or system. Security Administration is accomplished through the ongoing efforts of a number of personnel. The Security Manager is the principal advisor to the site Commander/Director for the administration and management of the overall site security program. The Information Systems Security Manager/Information Assurance Manager (ISSM/IAM) is responsible for managing the AIS security program. The ISSO/IAO is responsible for implementing security requirements for one or more computer systems and reports directly to the ISSM/IAM. To oversee the security of the systems within the DSN, all sites will establish an onsite DSN ISSO/IAO position. This individual should be knowledgeable of the security features available in the sites telecommunications switching system and how these features are employed.

Description

Requirement: The DSN Program Management Office (PMO) or local site command/management, as appropriate, will document and ensure that an IAO is designated to oversee the IA posture and security of each switch, site, system, and facility. The IAO will have the proper training and clearance level as directed by DODI 8500.2 E3.4.8. The DSN PMO should maintain documentation regarding IAO assignments for all sites and/or systems in the inventory. The DSN IAO may have responsibility for systems other than DSN systems and may be responsible for remote sites attached to his/her main site or system. Security Administration is accomplished through the ongoing efforts of a number of personnel. The Security Manager is the principal advisor to the site Commander/Director for the administration and management of the overall site security program. The Information Systems Security Manager/Information Assurance Manager (ISSM/IAM) is responsible for managing the AIS security program. The ISSO/IAO is responsible for implementing security requirements for one or more computer systems and reports directly to the ISSM/IAM. To oversee the security of the systems within the DSN, all sites will establish an onsite DSN ISSO/IAO position. This individual should be knowledgeable of the security features available in the sites telecommunications switching system and how these features are employed.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7649r2_chk )
Or review the required “documents on file” that are necessary for compliance with the requirement.

Fix Text (F-7554r1_fix)
Establish a DSN ISSO/IAO position. In general, this individual will be responsible for establishing, implementing, monitoring, and controlling the sites telephone system security program which will ensure the evaluation of all components of the sites telephone system.