The ISSO/IAO has not established Standard Operating Procedures.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7935	DSN04.06	SV-8421r1_rule		Low

Description
Requirement: The IAO will establish a standard operating procedure (SOP) or other form of record that will accomplish the following: - Identify and document all users, administrators, maintainers, managers, and their associated training requirements. - Identify and document all telephone system assets - Identify and document all telephone services required - Identify and document all telephone services that are not to be allowed - Identify and document all telephone system threats. - Identify and document all audit items as required by this document.At a minimum, the ISSO/IAO should be aware of who has what level of access to the DSN switching system, as well as possible threats to the system based on its environment. By establishing an SOP that identifies and documents all assets, services, threats, as well as users, administrators, managers and their associated operational requirements in supporting DSN systems, the ISSO/IAO will ensure that the DSN is providing the proper service securely.

Description

Requirement: The IAO will establish a standard operating procedure (SOP) or other form of record that will accomplish the following: - Identify and document all users, administrators, maintainers, managers, and their associated training requirements. - Identify and document all telephone system assets - Identify and document all telephone services required - Identify and document all telephone services that are not to be allowed - Identify and document all telephone system threats. - Identify and document all audit items as required by this document.At a minimum, the ISSO/IAO should be aware of who has what level of access to the DSN switching system, as well as possible threats to the system based on its environment. By establishing an SOP that identifies and documents all assets, services, threats, as well as users, administrators, managers and their associated operational requirements in supporting DSN systems, the ISSO/IAO will ensure that the DSN is providing the proper service securely.

STIG	Date
Defense Switched Network (DSN) STIG	2017-01-19

Details

Check Text ( C-7316r1_chk )
Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text (F-7510r1_fix)
The ISSO/IAO should develop an SOP that will satisfy the requirements as outlined in the DSN STIG.