UCF STIG Viewer Logo

COMSEC Training - COMSEC User


Overview

Finding ID Version Rule ID IA Controls Severity
V-30933 CS-02.02.02 SV-40975r2_rule ECCM-1 Medium
Description
Failure to properly brief COMSEC users could result in the loss of cryptologic devices or key, or the compromise of classified information.
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-39594r4_chk )
Check proof of user training. NOTES: 1. Applies in a tactical environment if the crypto equipment and key material being observed is at a location where supporting staff (IAM, SM, COMSEC Custodian/COMSEC Responsible Officer (CRO) AKA: Hand Receipt Holder)would logically be located. If it is a mobile tactical organization, COMSEC users should previously have received proper training; however, since the documentation will likely not be available in a field environment this check will be NA. 2. Observations and comments may be entered into VMS, even if there is no finding. 3. Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DISN assets. COMSEC accounts or items not used with DISN assets should not be inspected.
Fix Text (F-34744r3_fix)
Train all COMSEC users on proper procedures for operation of COMSEC equipment and on proper protection of both classified COMSEC materials as well as COMSEC Controlled Information (CCI). Documented proof of initial user training must be on-hand and updated at least annually.