Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30973 | CS-04.01.07 | SV-41015r2_rule | DCSR-3 ECCT-2 PESS-1 | High |
Description |
---|
A PDS that is not constructed and configured as required could result in the undetected interception of classified information. Within mobile tactical situations a hardened carrier is not possible and therefore the unencrypted SIPRNet cable must be maintained within the confines of the tactical encampment with the cable under continuous observation and control to prevent exploitation by enemy forces. In theaters of operation where fixed facilities are well established, standard PDS applications must be employed unless a risk assessment is conducted to determine the vulnerabilities and risks associated with using unencrypted cable that is not in a hardened carrier. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-39633r7_chk ) |
---|
PDS in a tactical environment. Check to ensure: 1. The PDS is located within the limits of the installation and command post, or in an area directly under the commander’s physical control. 2. Continuously viewed Carriers must be used in tactical environments with mobile systems employing inter-shelter cabling. 3. Continuously viewed Carriers may also be used in tactical environments with "fixed facilities" ONLY if it is determined through a documented Risk Assessment that the cost or feasibility to install a Hardened or Alarmed Carrier is not warranted. If applicable based on the risk assessment STIG ID VULS CS-04.01.01 through CS-04.01.06 may be used for fixed facilities in a theater of operations. 4. ALL PDS in a tactical environment must be included in a well documented Risk Assessment, for which residual risk has been acknowledged and accepted by the PDS Approval Authority. |
Fix Text (F-34783r5_fix) |
---|
PDS in a tactical environment: 1. The PDS must be located within the limits of the installation and command post, or in an area directly under the commander’s physical control. 2. Continuously viewed Carriers must be used in tactical environments with mobile systems employing inter-shelter cabling. 3. Continuously viewed Carriers may also be used in tactical environments with "fixed facilities" ONLY if it is determined through a documented Risk Assessment that the cost or feasibility to install a Hardened or Alarmed Carrier is not warranted. If applicable based on the risk assessment STIG ID VULS CS-04.01.01 through CS-04.01.06 may be used for fixed facilities in a theater of operations. 4. ALL PDS in a tactical environment must be included in a well documented Risk Assessment, for which residual risk has been acknowledged and accepted by the PDS Approval Authority. |