Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-31276 | IS-02.01.09 | SV-41543r2_rule | PEPF-2 PESS-1 | High |
Description |
---|
Failure to meet standards for ensuring that there is structural integrity of the physical perimeter surrounding a secure room (AKA: collateral classified open storage area) IAW DoD Manual 5200.01, Volume 3 could result in the undetected loss or compromise of classified material. Motion detection located interior to secure rooms provides the most complete/overarching coverage of any Intrusion Detection System (IDS) alarm sensor. While most sensors like BMS alarm contacts, glass break detectors, etc. are only able to detect potential intrusion at specific locations, use of motion detection provides a capability to protect large areas with "blanket coverage" generally using fewer sensors. This capability need not cover the entire secure room space (although that would be best) but can be used effectively by placement directly over the protected assets or in hallways or other restricted passage ways leading to classified/sensitive assets. Consolidating classified information system assets in specific spaces within secure rooms enables a more efficient use of motion detectors and ensures the most critical assets are properly protected. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-40018r7_chk ) |
---|
The following applies where an IDS is used in lieu of 4-hour random checks, for secure rooms or collateral classified open storage areas areas containing SIPRNet assets: Checks: 1. Check to ensure that secure rooms or areas where classified SIPRNet equipment and/or associated media is stored in the open is protected with interior motion detection sensors; e.g., ultrasonic and passive infrared, during times when the specific area containing the classified material is closed or not under continuous observation and control. Use of dual technology sensors is authorized when one technology transmits an alarm condition independently from the other technology. A failed detector shall cause an immediate and continuous alarm condition. Employment of motion detectors need not cover 100% of the entire secure room space (although that is recommended) but shall minimally (directly) cover any safes and SIPRNet assets (equipment or media) that are accessible within the secure room or area. Motion detectors placed to cover only doors that are protected with BMS alarm contacts are not sufficient to meet this requirement/check. At a minimum the SIPRNet equipment MUST be directly covered by the motion sensors. 2. Check that, at a minimum all spaces containing SIPRNet assets are directly covered by motion detection sensors. TACTICAL ENVIRONMENT: This check is applicable where Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used. |
Fix Text (F-35187r5_fix) |
---|
Compliance with the following two considerations is required where an IDS is used in lieu of 4-hour random checks, for secure rooms or collateral classified open storage areas areas containing SIPRNet assets: 1. Secure rooms or areas where classified SIPRNet equipment and/or associated media is stored in the open must be protected with interior motion detection sensors when the specific area containing the classified material is closed or not under continuous observation and control; e.g., ultrasonic and passive infrared. Use of dual technology is authorized when one technology transmits an alarm condition independently from the other technology. A failed detector shall cause an immediate and continuous alarm condition. Employment of motion detectors need not cover 100% of the entire secure room space (although that is recommended) but shall minimally (directly) cover any safes and SIPRNet assets (equipment or media) that are accessible within the secure room or area. Motion detectors placed to cover only doors that are protected with BMS alarm contacts are not sufficient to meet this requirement/check. 2. At a minimum all SIPRNet connected equipment must be directly covered by motion sensors. |