UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Contract requirements for STIG compliance and validation must be enforced.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8342 DSN03.03 SV-8837r2_rule Low
Description
The ISSO must ensure that commercially contracted systems and services supporting the DSN comply with all applicable STIGs in accordance with contract requirements. STIG compliance is DoD policy and must be accomplished to the greatest extent possible so that any information system may be Certified and Accredited, operated, and connected to other systems if applicable. Placing this requirement in procurement contracts puts the vendor on notice that their product or solution must support these DoD policy requirements. The responsibility of monitoring compliance of contract requirements falls to the AO, ISSM, ISSO, and/or SA responsible for operating the system in compliance with policy. Placing compliance requirements in a contract provides no assurance that they are being met if there is no validation or enforcement of the contract requirements.
STIG Date
Defense Switched Network (DSN) STIG 2017-01-19

Details

Check Text ( C-61965r1_chk )
Review site documentation to confirm a policy and procedure enforce contract requirements for STIG compliance and validation. If a policy and procedure do not enforce contract requirements for STIG compliance and validation, this is a finding.
Fix Text (F-7991r2_fix)
Implement site policy and procedures to enforce contract requirements for STIG compliance and validation.