Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30931 | CS-02.02.01 | SV-40973r2_rule | ECCM-1 | Medium |
Description |
---|
Lack of appropriate training for managers of COMSEC accounts could result in the mismanagement of COMSEC records, inadequate physical protection and ultimately lead to the loss or compromise of COMSEC keying material. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-39592r2_chk ) |
---|
Check for documented proof of COMSEC Custodian or hand receipt holder training. NOTES: 1. Formal training for primary COMSEC account holders must be completed within 6-months of being designated as COMSEC Custodian. 2. Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DISN assets. COMSEC accounts or items not used with DISN assets should not be inspected |
Fix Text (F-34740r2_fix) |
---|
Documented proof of required COMSEC Custodian or hand receipt holder training must be available. Formal training of primary COMSEC account holders is required within 6-months of being appointed as COMSEC Custodian or alternate. Sub-Account or hand receipt holders may be trained by the sponsoring primary account COMSEC Custodian. |