Traditional Security Checklist

IS-06.03.01

Non-Disclosure Agreement - Standard Form 312: no person may have access to classified information unless that person has a security clearance in accordance with DODM 5200.02 and has signed a Standard Form (SF) 312, Classified Information Non-Disclosure Agreement (NDA), and access is essential to the accomplishment of a lawful and authorized Government function (i.e., has a need to know).

IS-07.03.01

Handling of Classified Documents, Media, Equipment - Written Procedures and Training for when classified material/equipment is removed from a security container and/or secure room.

IS-07.03.02

Handling of Classified - Use of Cover Sheets on Documents Removed from Secure Storage

IS-08.01.01

Classified Monitors/Displays (Physical Control of Classified Monitors From Unauthorized Viewing)

IS-08.01.02

Monitor Screens - Disable Access by CAC or Token Removal, or Lock Computer via Ctrl/Alt/Del

IS-08.03.01

Classified Monitors/Displays (Procedures for Obscuration of Classified Monitors) - protection from uncleared persons or those without a need-to-know.

IS-09.02.01

End-of-Day Checks - Organizations that process or store classified information must establish a system of security checks at the close of each duty and/or business day to ensure that any area where classified information is used or stored is secure. SF 701, Activity Security Checklist, shall be used to record such checks.

IS-10.01.01

Classified Reproduction - SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage.

IS-10.02.01

Classified Reproduction - Following guidance for System to Media Transfer of Data from systems connected specifically to the SIPRNet In-Accordance-With (IAW) US CYBERCOM CTO 10-133A.

IS-10.03.01

Classified Reproduction - Written Procedures for SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage. NOTE: This vulnerability concerns only PROCEDURES for the reproduction (printing, copying, scanning, faxing) of classified documents on Multi-Functional Devices (MFD) connected to the DoDIN.

IS-11.01.01

Destruction of Classified Documents Printed from the SIPRNet Using Approved Devices on NSA Evaluated Products Lists (EPL).

IS-11.01.02

Classified Material Destruction - Improper Disposal of Automated Information System (AIS) Hard Drives and Storage Media

IS-11.02.01

Classified Destruction - Hard Drive and Storage Media Sanitization Devices and Plans are not Available for disposal of Automated Information System (AIS) Equipment On-Hand

IS-11.03.01

Destruction of Classified and Unclassified Documents, Equipment and Media - Availability of Local Policy and Procedures

IS-13.02.01

Classified Emergency Destruction Plans - Develop and Make Available

IS-14.02.01

Security Incident/Spillage - Lack of Procedures or Training for Handling and Reporting

IS-15.02.01

Classification Guides Must be Available for Programs and Systems for an Organization or Site

IS-16.02.01

Controlled Unclassified Information (CUI) - Employee Education and Training

IS-16.02.02

Controlled Unclassified Information - Document, Hard Drive and Media Disposal

IS-16.02.03

Controlled Unclassified Information - Handling, Storage and Controlling Access to Areas where CUI is Processed or Maintained

IS-16.02.04

Controlled Unclassified Information - Encryption of Data at Rest

IS-16.02.05

Controlled Unclassified Information - Transmission by either Physical or Electronic Means

IS-16.02.06

Controlled Unclassified Information - Posting Only on Web-Sites with Appropriate Encryption; not on Publicly Accessible Web-Sites.

IS-16.03.01

Controlled Unclassified Information (CUI) - Local Policy and Procedure

IS-16.03.02

Controlled Unclassified Information - Marking/Labeling Media within Unclassified Environments (Not Mixed with Classified)