Vault/Secure Room Storage Standards - Intrusion Detection System and Access Control System (IDS/ACS) Component Tamper Protection

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-31291	IS-02.02.06	SV-41562r2_rule	PEPF-2 PESS-1	Medium

Description
Failure to tamper protect IDS/ACS component enclosures and access points external to protected vaults/secure rooms space could result in the undetected modification or disabling of IDS/ACS system components. This could lead to the undetected breach of secure space containing SIPRNet assets and result in the undetected loss or compromise of classified information or materials.

STIG	Date
Traditional Security	2013-07-11

Details

Check Text ( None )
None

Fix Text (F-35210r4_fix)
Requirements Summary: Protection must be established and maintained for all component devices or equipment that constitute the entry/access control system (ACS) and/or the intrusion detection system (IDS) used to protect a vault, secure room or collateral classified open storage area, which contains SIPRNet assets. If access to a junction box or controller will enable an unauthorized modification, then alarmed tamper protection, which is normally provided by a pressure sensitive switch must be used. Fixes: 1. IDS/ACS components located both outside and inside the secure area must have tamper protection resulting in an alarm signal sent to the primary IDS Monitoring Station. Normally this is provided by a pressure sensitive switch, which automatically sends an alarm signal when the protective enclosure covering component equipment is opened. 2. ALL IDS/ACS ancillary equipment such as card readers, keypads, communication or interface devices for vaults, secure rooms, or collateral classified open storage areas containing SIPRNet assets must have tamper resistant enclosures and be securely fastened to the wall or other permanent structure. Control panels and ACS devices located within a Secret or TS Controlled Access Area (CAA) need only a minimal degree of physical security protection sufficient to preclude unauthorized access to the mechanism.

Fix Text (F-35210r4_fix)

Requirements Summary:

Protection must be established and maintained for all component devices or equipment that constitute the entry/access control system (ACS) and/or the intrusion detection system (IDS) used to protect a vault, secure room or collateral classified open storage area, which contains SIPRNet assets.

If access to a junction box or controller will enable an unauthorized modification, then alarmed tamper protection, which is normally provided by a pressure sensitive switch must be used.

Fixes:

1. IDS/ACS components located both outside and inside the secure area must have tamper protection resulting in an alarm signal sent to the primary IDS Monitoring Station. Normally this is provided by a pressure sensitive switch, which automatically sends an alarm signal when the protective enclosure covering component equipment is opened.

2. ALL IDS/ACS ancillary equipment such as card readers, keypads, communication or interface devices for vaults, secure rooms, or collateral classified open storage areas containing SIPRNet assets must have tamper resistant enclosures and be securely fastened to the wall or other permanent structure. Control panels and ACS devices located within a Secret or TS Controlled Access Area (CAA) need only a minimal degree of physical security protection sufficient to preclude unauthorized access to the mechanism.