UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Information Security (INFOSEC) - Safe/Vault/Secure Room Management


Overview

Finding ID Version Rule ID IA Controls Severity
V-31266 IS-01.02.01 SV-41522r2_rule PESS-1 Medium
Description
Lack of adequate or Improper procedures for management of safes/vaults and secure rooms could result in the loss or compromise of classified material.
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-39995r7_chk )
Check all safes, vaults and/or secure rooms (*only those containing DISN assets) for proper management practices:
1. Ensure only GSA-approved security containers are being utilized. GSA-approved security containers and vault doors must have a label indicating “General Services Administration Approved Security Container,” affixed to the front of the container, usually this is on the control or the top drawer of safes.

2. Ensure combinations are changed as required. This is recorded on the applicable SF 700 form and must be done: When placed in service, When someone with knowledge of the combination departs (unless other sufficient controls exist to prevent that individual’s access to the lock), When compromise of the combination is suspected, or When taken out of service built-in combination locks shall be reset to the standard combination of 50-25-50.

3. Ensure forms SF 700, Security Container Information are properly completed for each safe, vault and secure room used to store classified DISN assets. Examples of what to look for follows. For the SF 700 form ensure:
a. It shows the location of the door or container.
b. It reflects the names, home addresses, and home telephone numbers of the individuals having knowledge of the combination who are to be contacted in the event that the vault, secure room, or container is found open and unattended .
c. The cover sheet is filled out, attach it to the inside of the control drawer or on the inside face of the vault or secure room door, with either tape or a magnetically-attached holder.
d. The tear-off tab with the combination record is placed in the envelope, sealed, properly marked with the classification level and stored by the security manager in another approved classified container.

4. Ensure forms SF 702, Security Container Check Sheet are properly completed for each safe, vault and secure room used to store classified DISN assets. Examples of what to look for follows. For the SF 702 form ensure:
a. It provides a record of the names and times that persons have opened, closed or checked a particular container (safe, vault or secure room) that holds classified information.
b. It is properly annotated to reflect each opening and closing of the container.
c. It is properly annotated to reflect (at least) daily checks of ALL containers - whenever an area housing the containers is entered/occupied – EVEN IF THE CONTAINER IS NOT OPENED. If on weekends or holidays the area housing the container is not occupied the SF 702 would not require annotation; however, in the event the area is accessed for even a short period of time, the SF 702 forms for each container in the area should be annotated to reflect the container was checked. Annotation of the SF 702 forms should be conducted IN ADDITION TO the annotation of SF 701 forms reflecting end-of-day checks.

5. Ensure container repairs are conducted correctly IAW FED-STD-809. Details are at the DoD Lock Program WEB Portal for Drawer head Replacement.

TACTICAL ENVIRONMENT: This check is applicable where safes, vaults or secure rooms are used to protect classified materials or systems. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.
Fix Text (F-35163r3_fix)
All safes, vaults and/or secure rooms containing SIPRNet assets must adhere to the following proper management practices:

1. Only GSA-approved security containers are utilized. GSA-approved security containers and vault doors must have a label indicating “General Services Administration Approved Security Container,” affixed to the front of the container, usually this is on the control or the top drawer of safes.

2. Combinations must be changed as required. This is recorded on the applicable SF 700 form and must be done: When placed in service, When someone with knowledge of the combination departs (unless other sufficient controls exist to prevent that individual’s access to the lock), When compromise of the combination is suspected, or When taken out of service built-in combination locks shall be reset to the standard combination of 50-25-50.

3. Standard Forms (SF) 700, Security Container Information and SF 702, Security Container Check Sheet must be completed properly.

4. Repairs must be conducted correctly IAW FED-STD-809. Details are at the DoD Lock Program WEB Portal for Drawer head Replacement.