Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Traditional Security Checklist
CS-01.03.01
CS-01.03.01
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
CS-01.03.01
1 Rule
<GroupDescription></GroupDescription>
COMSEC Account Management - Appointment of Responsible Person
Low Severity
<VulnDiscussion>Lack of formal designation of an individual to be responsible for COMSEC items could result in mismanagement, loss or even compromise of COMSEC materials. Additionally, lack of formal vetting for a specific individual to be appointed for management of COMSEC material could result in a person (such as a non-US Citizen) having unauthorized access. REFERENCES: DoD Manual 5200.01, Volume 1, 24 February 2012, SUBJECT: DoD Information Security Program: Overview, Classification, and Declassification, Encl 3, paragraph 6.e. (3). DoD 5220.22-M (NISPOM), Section 4 DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), paragraphs 6.5.d., 7.16. e. & f. and 8.2.b. (3) NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: IA-1, PL-1, PS-1, PS-2, and SC-1 NSA/CSS Policy Manual 3-16, Sections III, VI, X and XI CNSS Policy No.1, NATIONAL POLICY FOR SAFEGUARDING AND CONTROL OF COMSEC MATERIALS</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>