Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30974 | CS-05.03.01 | SV-41017r2_rule | DCSR-3 ECCT-1 PESS-1 | Low |
Description |
---|
A PDS that is not approved could cause an Information Assurance Manager, Designated Approving Authority and other concerned managerial personnel to not be fully aware of all vulnerabilities and residual risk of IA systems under their purview. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-39637r2_chk ) |
---|
Validate that: 1. The approval authority is the system Designated Accrediting Authority (DAA), cognizant security office for contractors or other Department or Agency designee having Approval Authority for the installation and operation of the PDS and 2. That a documented approval of the PDS is signed by the current approval authority. NOTE: In tactical environments mobile systems employing inter-shelter cabling need not be re-approved for each relocation if the relocation provides security comparable to that of the original approval. Otherwise, new approval must be obtained. |
Fix Text (F-34784r2_fix) |
---|
1. The approval authority must be the system DAA, cognizant security office for contractors or other Department or Agency designee having Approval Authority for the for the installation and operation of the PDS and 2. A documented approval of the PDS must be signed by the current approval authority. NOTE: In tactical environments mobile systems employing inter-shelter cabling need not be re-approved for each relocation if the relocation provides security comparable to that of the original approval. Otherwise, new approval must be obtained. |