UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Protected Distribution System (PDS) Documentation - Signed Approval


Overview

Finding ID Version Rule ID IA Controls Severity
V-30974 CS-05.03.01 SV-41017r3_rule Low
Description
A PDS that is not approved could cause an Information System Security Manager (ISSM), Authorizing Official (AO) and other concerned managerial personnel to not be fully aware of all vulnerabilities and residual risk of IA systems under their purview. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraph 35.c. DoD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 4, paragraphs 5-402.c. and 5-403 DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information, Encl 4, para 3.b. and 4.a. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-4, SC-7, and SC-8 CNSSI No. 7003, September 2015, Protected Distribution Systems (PDS), Section I, paragraph 1., Section III, paragraph 5., Section 4, paragraph 11., Section V, paragraph 14., Section VIII, paragraphs 23.c. and 27.a., Section X, paragraphs 30.a & b., Section XI, paragraph 34.b.2) and Annex A.
STIG Date
Traditional Security Checklist 2020-08-26

Details

Check Text ( C-39637r7_chk )
Validate that:

1. The approval authority is the system Authorizing Official (AO), cognizant security office for contractors or other Department or Agency designee having Approval Authority for the installation and operation of the PDS and

2. A documented approval of the PDS is signed and dated by the current approval authority.

NOTE: In tactical environments mobile systems employing inter-shelter cabling need not be re-approved for each relocation if the relocation provides security comparable to that of the original approval. Otherwise, new approval must be obtained.
Fix Text (F-34784r6_fix)
1. The approval authority must be the system Authorizing Official (AO), cognizant security office for contractors or other Department or Agency designee having Approval Authority for the for the installation and operation of the PDS and

2. A documented approval of the PDS must be signed and dated by the current approval authority.

NOTE: In tactical environments mobile systems employing inter-shelter cabling need not be re-approved for each relocation if the relocation provides security comparable to that of the original approval. Otherwise, new approval must be obtained.