Information Assurance - COOP Plan Testing (Incomplete)
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-31004 | IA-02.03.01 | SV-41051r2_rule | COAS-1 COAS-2 COBR-1 CODB-1 CODB-2 CODB-3 CODP-1 CODP-2 CODP-3 COEB-1 COEB-2 COED-1 COED-2 COEF-1 COEF-2 COMS-1 COMS-2 COPS-1 COPS-2 COPS-3 COSP-1 COSP-2 COSW-1 COTR-1 DCAR-1 DCHW-1 | Low |
| Description |
|---|
| Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A contingency plan is necessary to reduce mission impact in the event of system compromise or disaster |
| STIG | Date |
|---|---|
| Traditional Security | 2013-07-11 |
Details
| Check Text ( C-39666r4_chk ) |
|---|
| This check is for when a reviewer finds that a COOP process is well established, but it does not include a minority of systems or requirements based on system MAC levels. NOTES: 1. This finding/VUL is only applicable when MAC III level systems are connected to the DISN and do not have a COOP and/or the COOP is not tested and the risk for not having a COOP and/or documented testing is not accepted by the DAA in a risk assessment document. It is NA for MAC I and MAC II systems without a COOP. 2. If this finding/VUL is used then VUL V0030997 is NA. 3. This VUL is applicable in a tactical environment if it involves a fixed facility as previously described. |
| Fix Text (F-34814r4_fix) |
|---|
| ALL systems connected to the DISN must be included in the enclave COOP documentation and testing. If it is determined that MAC Level III systems connected to the DISN do not need to be included in the COOP (plan and/or testing) then the risk for this must specifically be accepted by the DAA in a risk assessment document. |