Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32262 | IS-16.03.02 | SV-42579r2_rule | CODB-2 ECML-1 | Low |
Description |
---|
Failure to mark CUI in an approved manner can result in the loss or compromise of sensitive information. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-40773r3_chk ) |
---|
General Information: This check is only for unclassified/sensitive media being used in a strictly unclassified physical environment. If all Controlled Unclassified Information (CUI) media are in a mixed environment where classified systems and media are in use, then STIG ID IS-3.2.1. appies and this check is NA. Check to ensure the following standard is met: Regardless of media type, the requirement to identify as clearly as possible the information requiring protection remains. Therefore check to ensure that all unclassified media containing CUI is properly marked according to content. Where it is not feasible to include markings with all of the information required for classified or sensitive documents or media, an explanatory statement that provides the required information shall be included on the item or with the documentation that accompanies it. While For Official Use Only (FOUO) is the primary CUI marking used in DoD, all types of CUI markings must be considered for use as appropriate. For instance: “Law Enforcement Sensitive” is a marking sometimes applied, in addition to the marking “FOR OFFICIAL USE ONLY,” by the Department of Justice and other activities in the law enforcement community, including those within the Department of Defense. TACTICAL ENVIRONMENT: The check is applicable for all fixed tactical processing environments where CUI is developed and used. Not applicable to a field/mobile environment. |
Fix Text (F-36187r1_fix) |
---|
General Information: This fix is only for unclassified/sensitive media being used in a strictly unclassified physical environment. If all Controlled Unclassified Information (CUI) media are in a mixed environment where classified systems and media are in use, then STIG ID IS-3.2.1. appies and this potential vulnerability is NA. Ensure the following standard is met: Regardless of media type, the requirement to identify as clearly as possible the information requiring protection remains. Therefore ensure that all unclassified media containing CUI is properly marked according to content. Where it is not feasible to include markings with all of the information required for classified or sensitive documents or media, an explanatory statement that provides the required information shall be included on the item or with the documentation that accompanies it. While For Official Use Only (FOUO) is the primary CUI marking used in DoD, all types of CUI markings must be considered for use as appropriate. For instance: “Law Enforcement Sensitive” is a marking sometimes applied, in addition to the marking “FOR OFFICIAL USE ONLY,” by the Department of Justice and other activities in the law enforcement community, including those within the Department of Defense. |