Traditional Security Checklist
Rules, Groups, and Values defined within the XCCDF Benchmark
-
CS-01.01.01
Group -
COMSEC Account Management - Equipment and Key Storage
Improper handling and storage of COMSEC material can result in the loss or compromise of classified cryptologic devices or classified key or unclassified COMSEC Controlled Items (CCI). REFERENCE...Rule High Severity -
COMSEC Account Management - Appointment of Responsible Person
Lack of formal designation of an individual to be responsible for COMSEC items could result in mismanagement, loss or even compromise of COMSEC materials. Additionally, lack of formal vetting for ...Rule Low Severity -
Classified Transmission - Electronic Means using Cryptographic System Authorized by the Director, NSA
Failure to properly encrypt classified data in transit can lead to the loss or compromise of classified or sensitive information. REFERENCES: DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 Ma...Rule High Severity -
Protected Distribution System (PDS) Construction - Point of Presence (PoP) and Terminal Equipment Protection. This requirement concerns security of both the starting and ending points for PDS within proper physically protected and access controlled environments.
A PDS that is not constructed and physically protected as required could result in the covert or undetected interception of classified information. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURAN...Rule High Severity -
Protected Distribution System (PDS) Construction - Buried PDS Carrier
Buried carriers are normally used to extend a PDS between CAAs that are located in different buildings. As with other Category 2 PDS the unencrypted data cables must be installed in a carrier. A PD...Rule High Severity -
Protected Distribution System (PDS) Construction - Alarmed Carrier
A PDS that is not constructed and configured as required could result in the covert or undetected interception of classified information. An Alarmed Carrier is one of five types of Category 2 PDS....Rule High Severity -
Protected Distribution System (PDS) Documentation - Signed Approval
A PDS that is not approved could cause an Information System Security Manager (ISSM), Authorizing Official (AO) and other concerned managerial personnel to not be fully aware of all vulnerabilities...Rule Low Severity -
Protected Distribution System (PDS) Documentation - Request for Approval Documentation
A PDS that is not approved could cause an Information System Security Manager (ISSM), Authorizing Official (AO) and other concerned managerial personnel to not be fully aware of all vulnerabilities...Rule Low Severity -
Protected Distribution System (PDS) Monitoring - Reporting Incidents
A PDS that is not inspected, monitored and maintained as required could result in undetected access, sabotage or tampering of the unencrypted transmission lines. This could directly lead to the los...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.