Information Assurance - NIPRNET Connection Approval (CAP)

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-245779	IA-08.02.01	SV-245779r769999_rule		Medium

Description
Failure to meet security standards and have approval before connecting to the NIPRNET can result in a vulnerability to the DISN. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Encl C, para 18.a. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AC-3(1), AC-20 DoDI 8500.01, SUBJECT: Cybersecurity, March 14, 2014 DoD Instruction 8510.01, SUBJECT: Risk Management Framework (RMF) for DoD Information Technology (IT) CJCSI 6211.02D, DEFENSE INFORMATION SYSTEMS NETWORK (DISN) RESPONSIBILITIES, Encl B, para 2.f. and Encl D, para 5.j.(1) DISN Connection Process Guide: http://disa.mil/network-services/enterprise-connections/connection-process-guide

Description

Failure to meet security standards and have approval before connecting to the NIPRNET can result in a vulnerability to the DISN. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Encl C, para 18.a. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AC-3(1), AC-20 DoDI 8500.01, SUBJECT: Cybersecurity, March 14, 2014 DoD Instruction 8510.01, SUBJECT: Risk Management Framework (RMF) for DoD Information Technology (IT) CJCSI 6211.02D, DEFENSE INFORMATION SYSTEMS NETWORK (DISN) RESPONSIBILITIES, Encl B, para 2.f. and Encl D, para 5.j.(1) DISN Connection Process Guide: http://disa.mil/network-services/enterprise-connections/connection-process-guide

STIG	Date
Traditional Security Checklist	2022-09-22

Details

Check Text ( C-49210r769997_chk )
1. Check the NIPRNet connection approval package. Conduct a cursory review for any traditional security issues. 2. Ensure the approval is current. The approval must come from the DISN Connection Approval Office (CAO). TACTICAL ENVIRONMENT: The check is applicable. The ATO/ATC and associated documentation should be found in a fixed HQ location where the ISSM/ISSO are located. When possible, documentation should be requested/sought before departing on trips to tactical locations. Copies sent to the reviewers email (NIPR or SIPR depending on classification of document) can be used to validate compliance.

Check Text ( C-49210r769997_chk )

1. Check the NIPRNet connection approval package. Conduct a cursory review for any traditional security issues.

2. Ensure the approval is current. The approval must come from the DISN Connection Approval Office (CAO).

TACTICAL ENVIRONMENT: The check is applicable. The ATO/ATC and associated documentation should be found in a fixed HQ location where the ISSM/ISSO are located. When possible, documentation should be requested/sought before departing on trips to tactical locations. Copies sent to the reviewers email (NIPR or SIPR depending on classification of document) can be used to validate compliance.

Fix Text (F-49165r769998_fix)
1. The NIPRNet connection approval package must be complete and accurate and the approval to connect (ATC) or Interim Approval to Connect (IATC) must be current. 2. The approval must come from the DISN Connection Approval Office (CAO).