UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Counter-Intelligence Program - Training, Procedures and Incident Reporting


Overview

Finding ID Version Rule ID IA Controls Severity
V-32607 SM-03.03.01 SV-42944r2_rule DCSD-1 PRTN-1 Low
Description
Failure to establish a good working relationship with the supporting/local CI agency and lack of proper CI training for site/organization employees could result in not being informed of local threats and warnings leaving the organization vulnerable to the threat and/or a delay in reporting a possible incident involving reportable FIE-Associated Cyberspace Contacts, Activities, Indicators, and Behaviors, which could adversely impact the Confidnetiality, Intergity or Availability (CIA) of the DISN. .
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-41046r2_chk )
Background Information:

It is DoD policy that:
a. Initial and annual CI awareness and reporting (CIAR) training on the foreign intelligence entity (FIE) threat, methods, reportable information, and reporting procedures shall be provided to DoD personnel as outlined in Enclosure 3 of DoDD 5240.06, 17 May 11 .
b. Potential FIE threats to the DoD, its personnel, information, materiel, facilities, and
activities, or to U.S. national security shall be reported by DoD personnel in accordance with
Enclosure 4 of DoDD 5240.06.
c. Failure to report FIE threats as identified in paragraph 3.a and section 5 of Enclosure 4 of
DoDD 5240.06 may result in judicial or administrative action or both pursuant to applicable law or policy.

Checks:

Check #1. Check to ensure all assigned site/organization personnel have received both initial and annual CIAR training in accordance with DoDD 5240.06.

Check #2. Check to ensure there are procedures for reporting possible threat information and that local threat assessments and warnings received are properly shared with the work force.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.

Fix Text (F-36522r1_fix)
Background Information:

It is DoD policy that:
a. Initial and annual CI awareness and reporting (CIAR) training on the foreign intelligence entity (FIE) threat, methods, reportable information, and reporting procedures shall be provided to DoD personnel as outlined in Enclosure 3 of DoDD 5240.06, 17 May 11 .
b. Potential FIE threats to the DoD, its personnel, information, materiel, facilities, and
activities, or to U.S. national security shall be reported by DoD personnel in accordance with
Enclosure 4 of DoDD 5240.06.
c. Failure to report FIE threats as identified in paragraph 3.a and section 5 of Enclosure 4 of
DoDD 5240.06 may result in judicial or administrative action or both pursuant to applicable law or policy.

Fixes:

Ensure all assigned site/organization personnel have received both initial and annual CIAR training in accordance with DoDD 5240.06. Check to ensure there are procedures for reporting possible threat information and that local threat assessments and warnings received are properly shared with the work force.