Foreign National (FN) Administrative Controls - Procedures for Requests to Provide Foreign Nationals System Access

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-31265	FN-05.02.02	SV-41516r3_rule		Medium

Description
Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compromise of the system, or the introduction of a virus. REFERENCES: National Disclosure Policy - 1 (NDP-l) National Security Directive 42, "National Policy for the Security of National Security Telecommunications and Information Systems DODD 5230.11, Disclosure of Classified Military Information to Foreign Governments and International Organizations SPECIAL NOTE: Enclosure 3 to DODD 5230.11 establishes specific criteria for the disclosure of classified information. Use guidance on sharing information with REL Partners on SIPRNET at http://www.ssc.smil.mil/ - follow Policy/Guidance&Documentation link and then SIPRNet Information Sharing... DODD 5230.20; Visits, Assignments, and Exchanges of Foreign Nationals CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Encl C, paragraphs 26.c.(3) and 27.f. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: CA-1, AC-2, AC-3, PS-1, PS-2 and PS-3 DoDI 8500.01, SUBJECT: Cybersecurity, March 14, 2014 , Enclosure 3, paragraph 11. DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), 3 April 2017 DoD Manual 5200.01, Volume 1, SUBJECT: DoD Information Security Program: Overview, Classification, and Declassification, Encl 2, para 9.j.(1). DoD Manual 5200.01, Volume 3, SUBJECT: DoD Information Security Program: Protection of Classified Information, Encl 7 DoD 8570.01-M, Information Assurance Workforce Improvement Program, para C.3.2.4.8.2, & AP1.19 DoD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016, CHAPTER 10 International Security Requirements, Section 5. International Visits and Control of Foreign Nationals

Description

Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compromise of the system, or the introduction of a virus. REFERENCES: National Disclosure Policy - 1 (NDP-l) National Security Directive 42, "National Policy for the Security of National Security Telecommunications and Information Systems DODD 5230.11, Disclosure of Classified Military Information to Foreign Governments and International Organizations SPECIAL NOTE: Enclosure 3 to DODD 5230.11 establishes specific criteria for the disclosure of classified information. Use guidance on sharing information with REL Partners on SIPRNET at http://www.ssc.smil.mil/ - follow Policy/Guidance&Documentation link and then SIPRNet Information Sharing... DODD 5230.20; Visits, Assignments, and Exchanges of Foreign Nationals CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Encl C, paragraphs 26.c.(3) and 27.f. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: CA-1, AC-2, AC-3, PS-1, PS-2 and PS-3 DoDI 8500.01, SUBJECT: Cybersecurity, March 14, 2014 , Enclosure 3, paragraph 11. DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), 3 April 2017 DoD Manual 5200.01, Volume 1, SUBJECT: DoD Information Security Program: Overview, Classification, and Declassification, Encl 2, para 9.j.(1). DoD Manual 5200.01, Volume 3, SUBJECT: DoD Information Security Program: Protection of Classified Information, Encl 7 DoD 8570.01-M, Information Assurance Workforce Improvement Program, para C.3.2.4.8.2, & AP1.19 DoD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016, CHAPTER 10 International Security Requirements, Section 5. International Visits and Control of Foreign Nationals

STIG	Date
Traditional Security Checklist	2020-08-26

Details

Check Text ( C-39994r3_chk )
Check to ensure there are local written procedures for when foreign national request access to U.S. systems. Validate the standards are correct. Ensure Foreign Nationals only hold IT positions authorized by regulation - primarily DoD 8570.01-M, IA Workforce Improvement Program. TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed in a tactical environment with access to classified or unclassified US Systems or Coalition Systems.

Check Text ( C-39994r3_chk )

Check to ensure there are local written procedures for when foreign national request access to U.S. systems.

Validate the standards are correct.

Ensure Foreign Nationals only hold IT positions authorized by regulation - primarily DoD 8570.01-M, IA Workforce Improvement Program.

TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed in a tactical environment with access to classified or unclassified US Systems or Coalition Systems.

Fix Text (F-35162r5_fix)
There must be local written procedures for when there is a foreign national request to access to U.S. systems. Foreign Nationals must only hold IT positions authorized by regulation. IAW DoD 8570.01-M: C3.2.4.8.2. ...LNs and Foreign Nationals (FNs) must comply with background investigation requirements and cannot be assigned to IAT Level III positions. TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed in a tactical environment with access to classified or unclassified US Systems or Coalition Systems.

Fix Text (F-35162r5_fix)

There must be local written procedures for when there is a foreign national request to access to U.S. systems.

Foreign Nationals must only hold IT positions authorized by regulation. IAW DoD 8570.01-M: C3.2.4.8.2. ...LNs and Foreign Nationals (FNs) must comply with background investigation requirements and cannot be assigned to IAT Level III positions.

TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed in a tactical environment with access to classified or unclassified US Systems or Coalition Systems.