Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Site staff does not verify and record the identity of individuals installing or modifying a device or software.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-7983 | DSN17.01 | SV-8469r1_rule | ECSC-1 PECF-1 | Medium |
| Description |
|---|
| Requirement: The IAO will ensure that site staff will verify and record the identity of individuals installing or modifying a device or software. The identity of individuals performing software load upgrades or maintenance of a DSN component must be recorded. This will make a particular person or vendor representative accountable for all actions performed, giving the ISSO/IAO and site personnel the means to investigate all activity.One means of maintaining such records, is to obtain a DD2875 from all individuals this type of work. |
| STIG | Date |
|---|---|
| Defense Switched Network STIG | 2015-01-02 |
Details
| Check Text ( C-7650r1_chk ) |
|---|
| Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable. |
| Fix Text (F-7513r1_fix) |
|---|
| Obtain a System Authorization Access Request (SAAR) DD Form 2875 for each DRSN user to validate their need-to-know |