Intrusion Detection System (IDS) Monitoring Station Personnel - Suitability Checks
An XCCDF Rule
Description
<VulnDiscussion>Failure to subject personnel who monitor the IDS alarms to a trustworthiness determination can result in the inadvertent or deliberate unauthorized access to, or release of classified material. REFERENCES: DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information Appendix to Enclosure 3, para 2.f.(1)&(2) DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 5, Section 9, paragraphs 5-902.b. & 5-906 NIST Special Publication 800-53 (SP 800-53) Control: PS-2 and PS-3 CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), 9 February 2011 Encl A para 7.f. and Encl D Reference q Legacy DOD 5200.2-R; Personnel Security Program Paragraph C3.1.2.1.2.5. Current DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP) 3 April 2017, Paragraph 4.1.a.(3)</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245861r822922_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
Ensure that IDS - protecting vaults, secure rooms, alarmed Protected Distribution Systems (PDS), or other spaces containing SIPRNet assets - is monitored by U.S. personnel who have been subject to a trustworthiness check IAW DoD Manual 5200.02.
For Industrial Security (Contractor sites) ONLY:
Minimally, SECRET-cleared central station employees shall be in attendance at the alarm monitoring station in sufficient number to monitor each alarmed area within the cleared contractor facility IAW NISPOM requirements.