UCF STIG Viewer Logo

Foreign National (FN) Systems Access - Local Nationals (LN) Overseas System Access - Vetting for Privileged Access


Overview

Finding ID Version Rule ID IA Controls Severity
V-31221 FN-02.01.02 SV-41430r2_rule ECAN-1 IAAC-1 High
Description
Failure to subject foreign nationals to background checks could result in the loss or compromise of classified or sensitive information by foreign sources.
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-39946r4_chk )
When local foreign nationals are hired by DOD organizations overseas IAW the applicable Status of Forces Agreement (SOFA) and are assigned to Information Assurance (IA) positions of trust:

1. Check to ensure they comply with background investigation requirements (SSBI or equivalent) AND that they are not assigned to any IAM Level III positions or IAT Level III positions of trust IAW DoD 8570.01-M, IA Workforce Improvement Program.

2. Check to ensure that Local Nationals (LN) and Foreign nationals (FN) are always supervised by a higher level Information Assurance (IA) position that is occupied by a US Government employee who is a US citizen.

3. Check to ensure that the Information Assurance Manager is never a LN/FN.

TACTICAL ENVIRONMENT: This check is applicable where LN/FN are employed in a tactical environment with access to US or Coalition Forces Systems.
Fix Text (F-35118r2_fix)
When local foreign nationals are hired by DOD organizations overseas IAW the applicable SOFA and are assigned to Information Assurance (IA) positions of trust:

1. They must have successfully completed and comply with background investigation requirements (SSBI or equivalent)

2. They must not be assigned to any IAM Level III positions or IAT Level III positions of trust IAW DoD 8570.01-M, IA Workforce Improvement Program.

3. A Local National (LN) or Foreign National (FN) employed in an information system position of trust must always be supervised by a higher level IA position occupied by a US Government employee who is also a US citizen.

4. An Information Assurance Manager must never be a LN or FN.