Monitor Screens - Disable Access by CAC or Token Removal, or Lock Computer via Ctrl/Alt/Del

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-31993	IS-08.01.02	SV-42292r2_rule	PECF-1 PECF-2 PEDI-1 PEPF-1 PEPF-2 PRAS-2 PRNK-1	High

Description
The DoD Common Access Cards (CAC) a "smart" card, is the standard identification for active-duty military personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel. It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to defense computer networks and systems. The card, which is the property of the U.S. Government, is required to be in the personal custody of the member at all times. System Access Tokens are also used on the SIPRNet and the cards along with a Personal identity Number (PIN) can be used to access classified information on the SIPRNet in lieu of a logon ID and password. CAC and SIPRNet tokens are very important components for providing both physical and logical access control to DISN assets and must therefore be strictly controlled. Physically co-locating REL Partners or other FN - who have limited access to the SIPRNet or other US Classified systems - near US personnel in a collateral classified (Secret or higher) open storage area or in a Secret or higher Controlled Access Area (CAA) that processes classified material is permissible for operational efficiency and coordination. Failure to limit access to information systems is especially important in mixed US/FN environments. This is particularly important on US Only classified terminals when not personally and physically attended by US personnel. The failure to properly disable information workstations and monitor screens when unattended can result in FN personnel having unauthorized access to classified information, which can result in the loss or compromise of classified information, including NOFORN information. Appropriate but simple physical and procedural security measures must be put in place to ensure that unauthorized persons to include FN partners do not have unauthorized access to information not approved for release to them. Control of CACs, SIPRNet tokens and locking of computer work stations when unattended is an important aspect of proper procedural security measure implementation.

Description

The DoD Common Access Cards (CAC) a "smart" card, is the standard identification for active-duty military personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel. It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to defense computer networks and systems. The card, which is the property of the U.S. Government, is required to be in the personal custody of the member at all times. System Access Tokens are also used on the SIPRNet and the cards along with a Personal identity Number (PIN) can be used to access classified information on the SIPRNet in lieu of a logon ID and password. CAC and SIPRNet tokens are very important components for providing both physical and logical access control to DISN assets and must therefore be strictly controlled. Physically co-locating REL Partners or other FN - who have limited access to the SIPRNet or other US Classified systems - near US personnel in a collateral classified (Secret or higher) open storage area or in a Secret or higher Controlled Access Area (CAA) that processes classified material is permissible for operational efficiency and coordination. Failure to limit access to information systems is especially important in mixed US/FN environments. This is particularly important on US Only classified terminals when not personally and physically attended by US personnel. The failure to properly disable information workstations and monitor screens when unattended can result in FN personnel having unauthorized access to classified information, which can result in the loss or compromise of classified information, including NOFORN information. Appropriate but simple physical and procedural security measures must be put in place to ensure that unauthorized persons to include FN partners do not have unauthorized access to information not approved for release to them. Control of CACs, SIPRNet tokens and locking of computer work stations when unattended is an important aspect of proper procedural security measure implementation.

STIG	Date
Traditional Security	2013-07-11

Details

Check Text ( C-40633r7_chk )
Check to ensure: 1. Servers and/or user hard drives/monitors/keyboards are disabled (locked) by CAC or Token Removal, or where CACs or tokens are not used the Computer must be locked via Ctrl/Alt/Del. (CAT I) 2. CACs and other tokens are not left unattended and are in the physical custody of the person to whom they were issued. (CAT II) TACTICAL ENVIRONMENT: This check is applicable to all environments (including a field/mobile tactical environment) where information system assets are connected to the DISN.

Check Text ( C-40633r7_chk )

Check to ensure:

1. Servers and/or user hard drives/monitors/keyboards are disabled (locked) by CAC or Token Removal, or where CACs or tokens are not used the Computer must be locked via Ctrl/Alt/Del. (CAT I)

2. CACs and other tokens are not left unattended and are in the physical custody of the person to whom they were issued. (CAT II)

TACTICAL ENVIRONMENT: This check is applicable to all environments (including a field/mobile tactical environment) where information system assets are connected to the DISN.

Fix Text (F-35925r3_fix)
1. Servers and/or user hard drives/monitors/keyboards must be disabled (locked) by CAC or Token Removal, or where CACs or tokens are not used the Computer must be locked via Ctrl/Alt/Del. 2. CACs and other tokens must not be left unattended and must be in the physical custody of the person to whom they were issued.