Protected Distribution System (PDS) Construction - Visible for Inspection and Marked

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-30940	CS-04.02.01	SV-40982r4_rule		Medium

Description
A PDS that is not completely visible for inspection and easily identified cannot be properly inspected and monitored as required, which could result in undetected access, sabotage or tampering of the unencrypted transmission lines. This could directly lead to the loss or compromise of classified. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraph 35.c. DoD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 4, paragraphs 5-402.c. and 5-403 DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information, Encl 4, para 3.b. and 4.a. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-4, SC-7, SC-8, and RA-6 CNSSI No. 7003, September 2015, Protected Distribution Systems (PDS), Section VIII, paragraphs 23.c. and 24.

Description

A PDS that is not completely visible for inspection and easily identified cannot be properly inspected and monitored as required, which could result in undetected access, sabotage or tampering of the unencrypted transmission lines. This could directly lead to the loss or compromise of classified. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraph 35.c. DoD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 4, paragraphs 5-402.c. and 5-403 DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information, Encl 4, para 3.b. and 4.a. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-4, SC-7, SC-8, and RA-6 CNSSI No. 7003, September 2015, Protected Distribution Systems (PDS), Section VIII, paragraphs 23.c. and 24.

STIG	Date
Traditional Security Checklist	2020-08-26

Details

Check Text ( C-39600r6_chk )
Check to ensure: 1. The PDS is visible for inspection. The Category 2 (Hardened) carrier should be installed in plain view to meet both Visual and Technical inspection requirements. 2. The PDS is not installed above a false ceiling, below a false floor, or inside a wall unless it is clear that all portions within the wall, above the ceiling or below the floor are inspectable by means identified in the PDS approval request. NOTE: If the PDS cannot be installed in plain view, or is rendered un-inspectable, then the PDS must be an alarmed carrier. 3. The PDS is marked to make it easily identifiable to the inspector. The markings should be placed at sufficient intervals to facilitate inspections, however, intervals shall not exceed 3 meters (approximately 10 feet). 4. The PDS markings consist of tape, paint, cable tags, or any other suitable method that does not obscure or impair inspection. 5. The PDS is not labeled as a PDS, or labeled with text that would indicate that it carries National Security Information (NSI). 6. The markings are not red, since this color is often used to identify fire sprinkler systems, fire alarm wires, and NSI. 7. The PDS is not painted unless using a distribution system that has a factory painted coating.

Check Text ( C-39600r6_chk )

Check to ensure:

1. The PDS is visible for inspection. The Category 2 (Hardened) carrier should be installed in plain view to meet both Visual and Technical inspection requirements.

2. The PDS is not installed above a false ceiling, below a false floor, or inside a wall unless it is clear that all portions within the wall, above the ceiling or below the floor are inspectable by means identified in the PDS approval request.

NOTE: If the PDS cannot be installed in plain view, or is rendered un-inspectable, then the PDS must be an alarmed carrier.

3. The PDS is marked to make it easily identifiable to the inspector. The markings should be placed at sufficient intervals to facilitate inspections, however, intervals shall not exceed 3 meters (approximately 10 feet).

4. The PDS markings consist of tape, paint, cable tags, or any other suitable method that does not obscure or impair inspection.

5. The PDS is not labeled as a PDS, or labeled with text that would indicate that it carries National Security Information (NSI).

6. The markings are not red, since this color is often used to identify fire sprinkler systems, fire alarm wires, and NSI.

7. The PDS is not painted unless using a distribution system that has a factory painted coating.

Fix Text (F-34750r6_fix)
1. The PDS must be visible for inspection. The Category 2 (Hardened) carrier should be installed in plain view to meet both Visual and Technical inspection requirements. 2. The PDS should not be installed above a false ceiling, below a false floor, or inside a wall unless it is clear that all portions within the wall, above the ceiling or below the floor are inspectable by means identified in the PDS approval request. NOTE: If the PDS cannot be installed in plain view, or is rendered un-inspectable, then the PDS must be an alarmed carrier. 3. The PDS must be marked to make it easily identifiable to the inspector. The markings should be placed at sufficient intervals to facilitate inspections, however, intervals shall not exceed 3 meters (approximately 10 feet). 4. The PDS markings must consist of tape, paint, cable tags, or any other suitable method that does not obscure or impair inspection. 5. The PDS must not be labeled as a PDS, or labeled with text that would indicate that it carries National Security Information (NSI). 6. The markings must not be red, since this color is often used to identify fire sprinkler systems, fire alarm wires, and NSI. 7. The PDS must not be painted unless using a distribution system that has a factory painted coating.

Fix Text (F-34750r6_fix)

1. The PDS must be visible for inspection. The Category 2 (Hardened) carrier should be installed in plain view to meet both Visual and Technical inspection requirements.

2. The PDS should not be installed above a false ceiling, below a false floor, or inside a wall unless it is clear that all portions within the wall, above the ceiling or below the floor are inspectable by means identified in the PDS approval request.

NOTE: If the PDS cannot be installed in plain view, or is rendered un-inspectable, then the PDS must be an alarmed carrier.

3. The PDS must be marked to make it easily identifiable to the inspector. The markings should be placed at sufficient intervals to facilitate inspections, however, intervals shall not exceed 3 meters (approximately 10 feet).

4. The PDS markings must consist of tape, paint, cable tags, or any other suitable method that does not obscure or impair inspection.

5. The PDS must not be labeled as a PDS, or labeled with text that would indicate that it carries National Security Information (NSI).

6. The markings must not be red, since this color is often used to identify fire sprinkler systems, fire alarm wires, and NSI.

7. The PDS must not be painted unless using a distribution system that has a factory painted coating.