COMSEC Account Management - Appointment of Responsible Person
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-30885 | CS-01.03.01 | SV-40925r2_rule | ECCM-1 | Low |
| Description |
|---|
| Lack of formal designation of an individual to be responsible for COMSEC items could result in mismanagement, loss or even compromise of COMSEC materials. Additionally, lack of formal vetting for a specific individual to be appointed for management of COMSEC material could result in a person (such as a non-US Citizen) having unauthorized access. |
| STIG | Date |
|---|---|
| Traditional Security | 2013-07-11 |
Details
| Check Text ( C-12356r3_chk ) |
|---|
| Check there is a current COMSEC Custodian appointment letter or verify there is a Hand Receipt Holder for COMSEC key material received from a supporting account. NOTE: Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DISN assets. COMSEC accounts or items not used with DISN assets should not be inspected. |
| Fix Text (F-7853r4_fix) |
|---|
| A person must be identified and appointed in writing to be either the COMSEC custodian or a COMSEC Hand Receipt Holder. Alternates must also be appointed in writing. |