Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30931 | CS-02.02.01 | SV-40973r3_rule | Medium |
Description |
---|
Lack of appropriate training for managers of COMSEC accounts could result in the mismanagement of COMSEC records, inadequate physical protection and ultimately lead to the loss or compromise of COMSEC keying material. REFERENCES: DoD Manual 5200.01, Volume 1, 24 February 2012, SUBJECT: DoD Information Security Program: Overview, Classification, and Declassification DoD 5200.22-M (NISPOM), Section 4 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AT-3, AT-4, and SC-1 NSA/CSS Policy Manual 3-16, Section III, paragraph 16 . CNSS Policy No.1, NATIONAL POLICY FOR SAFEGUARDING AND CONTROL OF COMSEC MATERIALS DoD Instruction 8523.01, Communications Security (COMSEC), April 22, 2008 CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND) |
STIG | Date |
---|---|
Traditional Security Checklist | 2020-08-26 |
Check Text ( C-39592r9_chk ) |
---|
Check for documented proof of COMSEC Custodian or hand receipt holder training. NOTES: 1. Formal training for primary COMSEC account holders must be completed within six months of being designated as COMSEC Custodian. 2. Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DoDIN assets. COMSEC accounts or items not used with DoDIN assets should not be inspected. |
Fix Text (F-34740r2_fix) |
---|
Documented proof of required COMSEC Custodian or hand receipt holder training must be available. Formal training of primary COMSEC account holders is required within 6-months of being appointed as COMSEC Custodian or alternate. Sub-Account or hand receipt holders may be trained by the sponsoring primary account COMSEC Custodian. |