Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-31995 | IS-10.03.01 | SV-42294r2_rule | PESP-1 PESS-1 | Low |
Description |
---|
Lack of or improper reproduction procedures for classified material could result in the loss or compromise of classified information. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-40635r8_chk ) |
---|
Classified Reproduction - Document Copying using Multi-Functional Device (MFD) machines (ie., copier, fax, scanner) connected to SIPRNet or NIPRNet. This STIG Check concerns ONLY PROCEDURES for the reproduction (copying) of classified DOCUMENTS on Multi-Functional Devices (MFD) connected to the DISN. General guidance: Paper copies, electronic files, and other material containing classified information shall be reproduced only when necessary for accomplishing the organization’s mission or for complying with applicable statutes or Directives. Personnel reproducing classified information are knowledgeable of the procedures for classified reproduction and aware of the risks involved with the specific reproduction equipment being used and the appropriate countermeasures they are required to take. Reproduced material is to be placed under the same accountability and control requirements as applied to the original material. Classified material is to be reproduced only on approved and, when applicable, properly accredited systems. Check to ensure: Check #1. Procedures for the proper reproduction of classified documents are posted on or near the MFD copiers approved for classified reproduction. The procedures must alert users the particular MFD copier is approved for classified reproduction. Check #2. Other copiers in the organization that are not approved for classified document reproduction must also be marked to alert users of the prohibition against making classified copies. Check #3. Unless the copier can be properly purged of all classified data or images after each use for classified - it must be housed in an area approved for open storage of classified material. Be aware that many current copiers and multi-functional devices (MFD) contain hard drives that collect and store images and data. Such machines must be maintained in space approved for open storage of classified. Check #4. ONLY copiers that can be properly purged of classified data or images after each period of copying classified may be maintained outside space approved for classified open storage - but this must be in space where access is controlled to at least the level of the classified material authorized to be copied on the machine. This would be a Secret Controlled Access Area (CAA) for MFD connected to SIPRNet. Check #5. Procedures posted near the MFD copier must contain steps for users to take after copying classified documents. Steps must include double checking of the copier for missed pages, counting original and copied pages, purging of images (if applicable), use of cover sheets, and general protection/control guidelines for reproduced documents. TACTICAL ENVIRONMENT: This check is applicable in a fixed operational facility in a tactical environment if classified equipment is used or documents or media are created/extracted from the SIPRNet. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used. |
Fix Text (F-35927r3_fix) |
---|
Classified Reproduction - Document Copying using Multi-Functional Device (MFD) machines (ie, copier, fax, scanner) connected to SIPRNet or NIPRNet. This STIG Check concerns ONLY PROCEDURES for the reproduction (copying) of classified DOCUMENTS on Multi-Functional Devices (MFD) connected to the DISN. General guidance: Paper copies, electronic files, and other material containing classified information shall be reproduced only when necessary for accomplishing the organization’s mission or for complying with applicable statutes or Directives. Personnel reproducing classified information are knowledgeable of the procedures for classified reproduction and aware of the risks involved with the specific reproduction equipment being used and the appropriate countermeasures they are required to take. Reproduced material is to be placed under the same accountability and control requirements as applied to the original material. Classified material is to be reproduced only on approved and, when applicable, properly accredited systems. Ensure: 1. Procedures for the proper reproduction of classified documents are posted on or near the MFD copiers approved for classified reproduction. The procedures must alert users the particular copier is approved for classified reproduction. 2. Other copiers in the organization that are not approved for classified document reproduction must also be marked to alert users of the prohibition against making classified copies. 3. Unless the MFD copier can be properly purged of all classified data or images after each use for classified - it must be housed in an area approved for open storage of classified material. Be aware that many current copiers and multi-functional devices (MFD) contain hard drives that collect and store images and data. Such machines must always be maintained in space approved for open storage of classified. 4. ONLY copiers that can be properly purged of classified data or images after each period of copying classified may be maintained outside space approved for classified open storage - but this must be in space where access is controlled to at least the level of the classified material authorized to be copied on the machine. This would be a Secret Controlled Access Area (CAA)for MFD connected to SIPRNet. 5. Procedures posted near the copier must contain steps for users to take after copying classified documents. Steps must include double checking of the copier for missed pages, counting original and copied pages, purging of images (if applicable), use of cover sheets, and general protection/control guidelines for reproduced documents. |