Protected Distribution System (PDS) Construction - Point of Presence (PoP) and Terminal Equipment Protection. This requirement concerns security of both the starting and ending points for PDS within proper physically protected and access controlled environments.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-30938	CS-04.01.01	SV-40980r3_rule	DCSR-3 ECCT-2 PESS-1	High

Description
A PDS that is not constructed and physically protected as required could result in the covert or undetected interception of classified information.

STIG	Date
Traditional Security	2013-07-11

Details

Check Text ( C-39598r5_chk )
This potential finding concerns security requirements for the physical locations of both the starting and ending points for Protected Distribution Systems (PDS)within a physical enclave. Check to ensure: 1. The PDS originates within the room or area containing the SIPRNet Point of Presence (PoP) for the facility, which must be in a Secret or above Secure Room, Vault or SCIF. 2. PDS terminal equipment (wall jacks) are located in a Secret or higher Controlled Access Area (CAA), Secret or higher vault, Secret or higher Secure Room or in a SCIF. 3. PDS terminating in areas not a Secret or higher CAA may terminate in an Information Processing Systems (IPS) Container, which is a specially designed safe for operation of classified network equipment. 4. If an IPS container is used ensure it is located within at least a Limited Controlled Area (LCA).

Check Text ( C-39598r5_chk )

This potential finding concerns security requirements for the physical locations of both the starting and ending points for Protected Distribution Systems (PDS)within a physical enclave.

Check to ensure:

1. The PDS originates within the room or area containing the SIPRNet Point of Presence (PoP) for the facility, which must be in a Secret or above Secure Room, Vault or SCIF.

2. PDS terminal equipment (wall jacks) are located in a Secret or higher Controlled Access Area (CAA), Secret or higher vault, Secret or higher Secure Room or in a SCIF.

3. PDS terminating in areas not a Secret or higher CAA may terminate in an Information Processing Systems (IPS) Container, which is a specially designed safe for operation of classified network equipment.

4. If an IPS container is used ensure it is located within at least a Limited Controlled Area (LCA).

Fix Text (F-34749r4_fix)
This requirement concerns security requirements for the physical locations of both the starting and ending points for Protected Distribution Systems (PDS)within a physical enclave. All of the following requirements must be met: 1. The PDS must originate within the room or area containing the SIPRNet Point of Presence (PoP) for the facility, which must be in a Secret or above Secure Room, Vault or SCIF. 2. PDS terminal equipment (wall jacks) must be located in a Secret or higher Controlled Access Area (CAA), Secret or higher vault, Secret or higher Secure Room or in a SCIF. 3. As an alternative to #2 above, any PDS terminating in areas not a Secret or higher CAA may terminate in an Information Processing Systems (IPS) Container, which is a specially designed safe for operation of classified network equipment. 4. If an IPS container is used it must be located within at least a Limited Controlled Area (LCA).

Fix Text (F-34749r4_fix)

This requirement concerns security requirements for the physical locations of both the starting and ending points for Protected Distribution Systems (PDS)within a physical enclave.

All of the following requirements must be met:

1. The PDS must originate within the room or area containing the SIPRNet Point of Presence (PoP) for the facility, which must be in a Secret or above Secure Room, Vault or SCIF.

2. PDS terminal equipment (wall jacks) must be located in a Secret or higher Controlled Access Area (CAA), Secret or higher vault, Secret or higher Secure Room or in a SCIF.

3. As an alternative to #2 above, any PDS terminating in areas not a Secret or higher CAA may terminate in an Information Processing Systems (IPS) Container, which is a specially designed safe for operation of classified network equipment.

4. If an IPS container is used it must be located within at least a Limited Controlled Area (LCA).