Visitor Control - To Facility or Organization with Information System Assets Connected to the DISN
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32602 | PH-06.02.01 | SV-42939r2_rule | PEPF-1 PEPF-2 PEVC-1 | Medium |
| Description |
|---|
| Failure to identify and control visitors could result in unauthorized personnel gaining access to the facility with the intent to compromise classified information, steal equipment, or damage equipment or the facility. |
| STIG | Date |
|---|---|
| Traditional Security | 2013-07-11 |
Details
| Check Text ( C-41041r4_chk ) |
|---|
| Checks: Review visitor control procedures and implementation and ensure they include verification of clearance/investigation status, personal identification of visitor, registering of visitors, proper badging and escorts. NOTE 1: Traditional Security reviewers may evaluate implementation of the visitor process by reviewing how the review team was identified and badged. NOTE 2: Detailed audit logs of all facility visitors should be maintained for at least 90 days. Access Control System (ACS) electronic logs may be used to meet this requirement. NOTE 3: Additional interviews can be conducted with personnel handling the visitor control function. TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment. |
| Fix Text (F-36517r2_fix) |
|---|
| Fixes: Review visitor control procedures and implementation and ensure they include verification of clearance/investigation status, personal identification of visitor, registering of visitors, proper badging and escorts. NOTE: Detailed audit logs of all facility visitors should be maintained for at least 90 days. Access Control System (ACS) electronic logs may be used to meet this requirement. |