Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
COMSEC Training - COMSEC User
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-30933 | CS-02.02.02 | SV-40975r2_rule | ECCM-1 | Medium |
| Description |
|---|
| Failure to properly brief COMSEC users could result in the loss of cryptologic devices or key, or the compromise of classified information. |
| STIG | Date |
|---|---|
| Traditional Security | 2013-07-11 |
Details
| Check Text ( C-39594r4_chk ) |
|---|
| Check proof of user training. NOTES: 1. Applies in a tactical environment if the crypto equipment and key material being observed is at a location where supporting staff (IAM, SM, COMSEC Custodian/COMSEC Responsible Officer (CRO) AKA: Hand Receipt Holder)would logically be located. If it is a mobile tactical organization, COMSEC users should previously have received proper training; however, since the documentation will likely not be available in a field environment this check will be NA. 2. Observations and comments may be entered into VMS, even if there is no finding. 3. Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DISN assets. COMSEC accounts or items not used with DISN assets should not be inspected. |
| Fix Text (F-34744r3_fix) |
|---|
| Train all COMSEC users on proper procedures for operation of COMSEC equipment and on proper protection of both classified COMSEC materials as well as COMSEC Controlled Information (CCI). Documented proof of initial user training must be on-hand and updated at least annually. |