Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Traditional Security Checklist
PH-07.02.01
PH-07.02.01
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
PH-07.02.01
1 Rule
<GroupDescription></GroupDescription>
Sensitive Item Control - Keys, Locks and Access Cards Controlling Access to Information Systems (IS) or IS Assets Connected to the DISN
Medium Severity
<VulnDiscussion>Lack of an adequate key/credential/access device control could result in unauthorized personnel gaining access to the facility or systems with the intent to compromise classified information, steal equipment, or damage equipment or the facility. REFERENCES: UG 2040-SHR, User's Guide on Controlling Locks, Keys, and Access Cards and Best Practices - found on the DoD Lock Program site: https://www.navfac.navy.mil/content/dam/navfac/Specialty%20Centers/Engineering%20and%20Expeditionary%20Warfare%20Center/DoD_Lock_Program/PDFs/UG-2040-SHR.pdf DoD 5200.8-R Physical Security Program Chapter 2, para C2.1.4.4., C2.1.4.5., C2.1.4.8. and Chapter 3, para C3.3 and Pg 7, DL1.9 Personnel Identity Management and Protection DoD Manual 5200.08 Volume 3, Physical Security Program: Access to DoD Installations, 2 January 2019 DoD 5220.22-M (NISPOM), February 2006, Incorporating Change 2, May 18, 2016 Chapter 5, paragraphs 5-308, 5-310, 5-312, 5-313, 5-314 NIST Special Publication 800-53 (SP 800-53) Controls: IA-5, SC-12, MA-5, PE-2, PE-3, PS-4, PS-5 CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), 9 February 2011 Encl C, para 34. DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information Encl3, para 6.e.(1) (2) and Appendix to Encl 3, para 3.a. Satisfies: Sensitive Item Control - Keys, Locks and Access Cards</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>