Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32396 | PE-05.02.01 | SV-42733r2_rule | ECPA-1 PRAS-1 PRAS-2 PRNK-1 | Medium |
Description |
---|
Failure to investigate personnel based upon their position sensitivity could result in unauthorized personnel having access to classified or sensitive information. |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-40839r2_chk ) |
---|
Check site personnel records against JPAS and as applicable any local PERSEC Data Base or equivalent for completion of appropriate level of investigation based on clearance/IT position designations. NOTE 1: Personnel Occupying Information Systems Positions Designated ADP-I, ADP-II and ADP-III. DoD military, civilian personnel, consultants, and contractor personnel performing on unclassified automated information systems may be assigned to one of three position sensitivity designations (in accordance with Appendix 10 of DoD 5200.2-R, Personnel Security Program) and MINIMALLY investigated as follows: ADP-I (AKA: IT-1): SSBI/SBPR/PPR ADP-II (AKA: IT-2): ANACI /NACI /NACLC/ S-PR ADP-III (AKA: IT-3): NAC/ENTNAC Those personnel falling in the above ADP categories who also require access to classified information will, of course, be subject to the appropriate investigative scope for the level of security clearance required. The investigative scope for clearances may exceed but not be less than that required for the designated ADP level. NOTE 2: All designated IA Positions IAW DoD 8570.01-M (IAT Levels I-III or IAM Levels I-III) must be checked. Random checks of all other site personnel records should be made. TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments and is also applicable to a field/mobile environment. |
Fix Text (F-36313r2_fix) |
---|
Ensure that the appropriate level of investigation for each military, civilian or contract employee has been completed based on clearance/IT position designations and is reflected in JPAS and as applicable any local PERSEC Data Base or equivalent. NOTE 1: Personnel Occupying Information Systems Positions Designated ADP-I, ADP-II and ADP-III. DoD military, civilian personnel, consultants, and contractor personnel performing on unclassified automated information systems may be assigned to one of three position sensitivity designations (in accordance with Appendix 10 of DoD 5200.2-R, Personnel Security Program) and MINIMALLY investigated as follows: ADP-I (AKA: IT-1): SSBI/SBPR/PPR ADP-II (AKA: IT-2): ANACI /NACI /NACLC/ S-PR ADP-III (AKA: IT-3): NAC/ENTNAC Those personnel falling in the above ADP categories who also require access to classified information will, of course, be subject to the appropriate investigative scope for the level of security clearance required. The investigative scope for clearances may exceed but not be less than that required for the designated ADP level. NOTE 2: All designated IA Positions IAW DoD 8570.01-M (IAT Levels I-III or IAM Levels I-III) must be checked. Random checks of all other site personnel records should be made. |