Skip to content

Information Security (INFOSEC) - Safe/Vault/Secure Room Management

An XCCDF Rule

Description

<VulnDiscussion>Lack of adequate or Improper procedures for management of safes/vaults and secure rooms could result in the loss or compromise of classified material. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Encl C, paragraphs 26.s.(5) and 34.c. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: MP-4 and PE-5 DoD Manual 5200.01, Volume 3, SUBJECT: DoD Information Security Program: Protection of Classified Information, Encl 2, para 9; Encl 3, para 1.b, 1.d., 6.b., 6.d., 7., 8., 9., 10., 11., 13., and 14. Information Security Oversight Office, 32 CFR Parts 2001 and 2003 Classified National Security Information; Final Rule: Subpart H - Standard Forms</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-245794r770044_rule
Severity
Medium
Updated



Remediation - Manual Procedure

All safes, vaults and/or secure rooms containing SIPRNet assets must adhere to the following proper management practices:

1. Only GSA-approved security containers are utilized. GSA-approved security containers and vault doors must have a label indicating "General Services Administration Approved Security Container," affixed to the front of the container, usually this is on the control or the top drawer of safes.

2. Combinations must be changed as required. This is recorded on the applicable SF 700 form and must be done: When placed in service, When someone with knowledge of the combination departs (unless other sufficient controls exist to prevent that individual's access to the lock), When compromise of the combination is suspected, or When taken out of service built-in combination locks shall be reset to the standard combination of 50-25-50.