Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32607 | SM-03.03.01 | SV-42944r2_rule | DCSD-1 PRTN-1 | Low |
Description |
---|
Failure to establish a good working relationship with the supporting/local CI agency and lack of proper CI training for site/organization employees could result in not being informed of local threats and warnings leaving the organization vulnerable to the threat and/or a delay in reporting a possible incident involving reportable FIE-Associated Cyberspace Contacts, Activities, Indicators, and Behaviors, which could adversely impact the Confidnetiality, Intergity or Availability (CIA) of the DISN. . |
STIG | Date |
---|---|
Traditional Security | 2013-07-11 |
Check Text ( C-41046r2_chk ) |
---|
Background Information: It is DoD policy that: a. Initial and annual CI awareness and reporting (CIAR) training on the foreign intelligence entity (FIE) threat, methods, reportable information, and reporting procedures shall be provided to DoD personnel as outlined in Enclosure 3 of DoDD 5240.06, 17 May 11 . b. Potential FIE threats to the DoD, its personnel, information, materiel, facilities, and activities, or to U.S. national security shall be reported by DoD personnel in accordance with Enclosure 4 of DoDD 5240.06. c. Failure to report FIE threats as identified in paragraph 3.a and section 5 of Enclosure 4 of DoDD 5240.06 may result in judicial or administrative action or both pursuant to applicable law or policy. Checks: Check #1. Check to ensure all assigned site/organization personnel have received both initial and annual CIAR training in accordance with DoDD 5240.06. Check #2. Check to ensure there are procedures for reporting possible threat information and that local threat assessments and warnings received are properly shared with the work force. TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment. |
Fix Text (F-36522r1_fix) |
---|
Background Information: It is DoD policy that: a. Initial and annual CI awareness and reporting (CIAR) training on the foreign intelligence entity (FIE) threat, methods, reportable information, and reporting procedures shall be provided to DoD personnel as outlined in Enclosure 3 of DoDD 5240.06, 17 May 11 . b. Potential FIE threats to the DoD, its personnel, information, materiel, facilities, and activities, or to U.S. national security shall be reported by DoD personnel in accordance with Enclosure 4 of DoDD 5240.06. c. Failure to report FIE threats as identified in paragraph 3.a and section 5 of Enclosure 4 of DoDD 5240.06 may result in judicial or administrative action or both pursuant to applicable law or policy. Fixes: Ensure all assigned site/organization personnel have received both initial and annual CIAR training in accordance with DoDD 5240.06. Check to ensure there are procedures for reporting possible threat information and that local threat assessments and warnings received are properly shared with the work force. |