UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Information Assurance - COOP Plan Testing (Incomplete)


Overview

Finding ID Version Rule ID IA Controls Severity
V-31004 IA-02.03.01 SV-41051r2_rule COAS-1 COAS-2 COBR-1 CODB-1 CODB-2 CODB-3 CODP-1 CODP-2 CODP-3 COEB-1 COEB-2 COED-1 COED-2 COEF-1 COEF-2 COMS-1 COMS-2 COPS-1 COPS-2 COPS-3 COSP-1 COSP-2 COSW-1 COTR-1 DCAR-1 DCHW-1 Low
Description
Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A contingency plan is necessary to reduce mission impact in the event of system compromise or disaster
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-39666r4_chk )
This check is for when a reviewer finds that a COOP process is well established, but it does not include a minority of systems or requirements based on system MAC levels.

NOTES:

1. This finding/VUL is only applicable when MAC III level systems are connected to the DISN and do not have a COOP and/or the COOP is not tested and the risk for not having a COOP and/or documented testing is not accepted by the DAA in a risk assessment document. It is NA for MAC I and MAC II systems without a COOP.

2. If this finding/VUL is used then VUL V0030997 is NA.

3. This VUL is applicable in a tactical environment if it involves a fixed facility as previously described.
Fix Text (F-34814r4_fix)
ALL systems connected to the DISN must be included in the enclave COOP documentation and testing. If it is determined that MAC Level III systems connected to the DISN do not need to be included in the COOP (plan and/or testing) then the risk for this must specifically be accepted by the DAA in a risk assessment document.