Vault/Secure Room Storage Standards - IDS Performance Verification

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-31279	IS-02.02.02	SV-41547r2_rule	PEPF-2 PESS-1	Medium

Description
Failure to test IDS functionality on a periodic basis could result in undetected alarm sensor or other system failure. This in-turn could result in an undetected intrusion into a secure room (AKA: collateral classified open storage area) and the undetected loss or compromise of classified material. meet standards for ensuring that there is structural integrity of the physical perimeter surrounding a secure room

Description

Failure to test IDS functionality on a periodic basis could result in undetected alarm sensor or other system failure. This in-turn could result in an undetected intrusion into a secure room (AKA: collateral classified open storage area) and the undetected loss or compromise of classified material. meet standards for ensuring that there is structural integrity of the physical perimeter surrounding a secure room

STIG	Date
Traditional Security	2013-07-11

Details

Check Text ( C-40042r3_chk )
This check is concerned with verification of IDS functionality where IDS is used as a supplemental control for vaults or secure rooms/areas containing SIPRNet assets. Following are the required checks: Check #1. Checks of ALL individual alarm sensors (BMS, motion, glass break, etc.) will be conducted at least every 90 days. Check #2. Valid tests IAW best practices using government or industry standards and tools will be used to conduct the checks. Check #3. Written procedures will be developed for tests of each sensor type in use at a site. Check #4. Results of testing will be maintained on file for at least 180 days. TACTICAL ENVIRONMENT: This check is applicable where Vaults/Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Check Text ( C-40042r3_chk )

This check is concerned with verification of IDS functionality where IDS is used as a supplemental control for vaults or secure rooms/areas containing SIPRNet assets.

Following are the required checks:

Check #1. Checks of ALL individual alarm sensors (BMS, motion, glass break, etc.) will be conducted at least every 90 days.

Check #2. Valid tests IAW best practices using government or industry standards and tools will be used to conduct the checks.

Check #3. Written procedures will be developed for tests of each sensor type in use at a site.

Check #4. Results of testing will be maintained on file for at least 180 days.

TACTICAL ENVIRONMENT: This check is applicable where Vaults/Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Fix Text (F-35191r2_fix)
Conduct verification of IDS functionality where IDS is used as a supplemental control for vaults or secure rooms/areas containing SIPRNet assets. Following are the required fixes: Fix #1. Ensure that checks of ALL individual alarm sensors (BMS, motion, glass break, etc.) are conducted at least every 90 days. Fix #2. Ensure that valid tests IAW best practices using government or industry standards and tools are used to conduct the checks. Fix #3. Ensure that written procedures are developed for tests of each sensor type in use at a site. Fix #4. Ensure that results of testing are maintained on file for at least 180 days.

Fix Text (F-35191r2_fix)

Conduct verification of IDS functionality where IDS is used as a supplemental control for vaults or secure rooms/areas containing SIPRNet assets.

Following are the required fixes:

Fix #1. Ensure that checks of ALL individual alarm sensors (BMS, motion, glass break, etc.) are conducted at least every 90 days.

Fix #2. Ensure that valid tests IAW best practices using government or industry standards and tools are used to conduct the checks.

Fix #3. Ensure that written procedures are developed for tests of each sensor type in use at a site.

Fix #4. Ensure that results of testing are maintained on file for at least 180 days.