TEMPEST Countermeasures
An XCCDF Rule
Description
Failure to implement required TEMPEST countermeasures could leave the system(s) vulnerable to a TEMPEST attack.

REFERENCES:
- CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND)
- DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 11
- NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AC-18, PE-19(1), and SC-8
- Committee on National Security Systems Policy 300, "National Policy on Control of Compromising Emanations," April 2004, as amended
- Committee on National Security Systems Instruction 7000, "TEMPEST Countermeasures for Facilities," May 2004, as amended
- DoDI 8500.01, SUBJECT: Cybersecurity, March 14, 2014

Documentable: false
- ID: SV-245754r822821_rule
- Severity: Medium
- Updated
Remediation - Manual Procedure
1. Where TEMPEST is required to be considered, a Certified TEMPEST Technical Authority (CTTA) must evaluate Emanation Security concerns, and recommended countermeasures from this evaluation must be properly applied.
2. Where TEMPEST is required, an assessment of TEMPEST risk and applicability of countermeasures must be included in the site risk assessment, and the supporting CTTA must be consulted.
NOTE: TEMPEST countermeasures are required based on the geographical location and classification level processed. TEMPEST considerations apply to all OCONUS locations and select CONUS locations.