Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Traditional Security Checklist
IS-15.02.01
Classification Guides Must be Available for Programs and Systems for an Organization or Site
Classification Guides Must be Available for Programs and Systems for an Organization or Site
An XCCDF Rule
Details
Profiles
Prose
Classification Guides Must be Available for Programs and Systems for an Organization or Site
Medium Severity
<VulnDiscussion>Failure to have proper classification guidance available for Information Systems and/or associated programs run on them can result in the misclassification of information and ultimately lead to the loss or compromise of classified or sensitive information. REFERENCES: The Information Security Oversight Office (ISOO): http://www.archives.gov/isoo/ Implementing Directive for Protection of Classified (for Executive Order 13526), 32 CFR Parts 2001 and 2003 Classified National Security Information: Subpart B - § 2001.15 Classification guides. CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraph 6.c. and paragraph 26.e. NIST Special Publication 800-53 (SP 800-53), Rev 4, Control: AC-3, IA-5, MP-5, MP-6, PE-2, PS-3, PS-6. DoD Manual 5200.01, Volume 1, 24 February 2012, SUBJECT: DoD Information Security Program: Overview, Classification, and Declassification, Enclosure 2, paragraph 9.h.; Enclosure 4; Enclosure 5 and Enclosure 6. DoD Manual 5200.01, Volume 2, 24 February 2012, SUBJECT: DoD Information Security Program: Marking of Classified Information; Enclosure 3, paragraph 2.a. DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information; Enclosure 6, paragraphs 4, 51 and Glossary. DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, paragraphs 4-101, 4-102, 4-103 and 7-102.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>