UCF STIG Viewer Logo

Counter-Intelligence Program - Training, Procedures and Incident Reporting


Overview

Finding ID Version Rule ID IA Controls Severity
V-245873 SM-03.03.01 SV-245873r770281_rule Low
Description
Failure to establish a good working relationship with the supporting/local CI agency and lack of proper CI training for site/organization employees could result in not being informed of local threats and warnings leaving the organization vulnerable to the threat and/or a delay in reporting a possible incident involving reportable FIE-Associated Cyberspace Contacts, Activities, Indicators, and Behaviors, which could adversely impact the Confidentiality, Integrity, or Availability (CIA) of the DISN. REFERENCES: DoDD 5240.06, Counterintelligence Awareness and Reporting (CIAR), 17 May 11, Incorporating Change 2, July 21, 2017 Enclosure 3 and Enclosure 4. para 4.a. Satisfies: Counter-Intelligence Program - Training, Procedures and Incident Reporting
STIG Date
Traditional Security Checklist 2022-09-22

Details

Check Text ( C-49304r770279_chk )
Background Information:

It is DoD policy that:
a. Initial and annual CI awareness and reporting (CIAR) training on the foreign intelligence entity (FIE) threat, methods, reportable information, and reporting procedures shall be provided to DoD personnel as outlined in Enclosure 3 of DoDD 5240.06, 17 May 11 .
b. Potential FIE threats to the DoD, its personnel, information, materiel, facilities, and
activities, or to U.S. national security shall be reported by DoD personnel in accordance with
Enclosure 4 of DoDD 5240.06.
c. Failure to report FIE threats as identified in paragraph 3.a and section 5 of Enclosure 4 of
DoDD 5240.06 may result in judicial or administrative action or both pursuant to applicable law or policy.

Checks:

Check #1. Check to ensure all assigned site/organization personnel have received both initial and annual CIAR training in accordance with DoDD 5240.06.

Check #2. Check to ensure there are procedures for reporting possible threat information and that local threat assessments and warnings received are properly shared with the work force.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.
Fix Text (F-49259r770280_fix)
Background Information:

It is DoD policy that:
a. Initial and annual CI awareness and reporting (CIAR) training on the foreign intelligence entity (FIE) threat, methods, reportable information, and reporting procedures shall be provided to DoD personnel as outlined in Enclosure 3 of DoDD 5240.06, 17 May 11 .
b. Potential FIE threats to the DoD, its personnel, information, materiel, facilities, and
activities, or to U.S. national security shall be reported by DoD personnel in accordance with
Enclosure 4 of DoDD 5240.06.
c. Failure to report FIE threats as identified in paragraph 3.a and section 5 of Enclosure 4 of
DoDD 5240.06 may result in judicial or administrative action or both pursuant to applicable law or policy.

Fixes:

Ensure all assigned site/organization personnel have received both initial and annual CIAR training in accordance with DoDD 5240.06. Further, ensure there are procedures for reporting possible threat information and that local threat assessments and warnings received are properly shared with the work force.