Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-31988 | IS-07.03.01 | SV-42287r2_rule | PESP-1 PESS-1 | Low |
Description |
---|
Failure to develop procedures and to train employees on protection of classified when removed from storage could lead to the loss or compromise of classified or sensitive information due to a lack of employee knowledge of requirements. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-40626r7_chk ) |
---|
1. Check there are written procedures for handling classified material/equipment when removed from a security container and/or secure room. These procedures must thoroughly cover all aspects of protection and storage of classified materials and be made readily available to each employee via electronic means, such as in space on an organizational intranet, shared folders or other means available. (CAT III) 2. Check training logs (initial and annual refresher) that all employees granted access to classified are briefed on proper handling procedures e.g., use of cover sheets, maintaining positive control of the material, marking/labeling, access by vendors, determining clearance and need-to-know before release, reproduction, etc. (CAT III) TACTICAL ENVIRONMENT: The check is applicable for fixed tactical classified processing environments. Not applicable to a field/mobile environment. |
Fix Text (F-35917r7_fix) |
---|
There must be written procedures for handling classified material/equipment when removed from approved storage (security container and/or secure room, vault, collateral classified open storage area or SCIF). The procedures must be readily available to each employee via electronic means, such as in space on an organizational intranet, shared folders or other means available Training logs (initial and annual refresher) must reflect that all employees granted access to classified are briefed on proper handling procedures e.g., use of cover sheets, maintaining positive control of the material, marking/labeling, access by vendors, determining clearance and need-to-know before release, reproduction, etc. |