Counter-Intelligence Program - Training, Procedures and Incident Reporting
An XCCDF Rule
Description
<VulnDiscussion>Failure to establish a good working relationship with the supporting/local CI agency and lack of proper CI training for site/organization employees could result in not being informed of local threats and warnings leaving the organization vulnerable to the threat and/or a delay in reporting a possible incident involving reportable FIE-Associated Cyberspace Contacts, Activities, Indicators, and Behaviors, which could adversely impact the Confidentiality, Integrity, or Availability (CIA) of the DISN. REFERENCES: DoDD 5240.06, Counterintelligence Awareness and Reporting (CIAR), 17 May 11, Incorporating Change 2, July 21, 2017 Enclosure 3 and Enclosure 4. para 4.a. Satisfies: Counter-Intelligence Program - Training, Procedures and Incident Reporting</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245873r770281_rule
- Severity
- Low
- Updated
Remediation - Manual Procedure
Background Information:
It is DoD policy that:
a. Initial and annual CI awareness and reporting (CIAR) training on the foreign intelligence entity (FIE) threat, methods, reportable information, and reporting procedures shall be provided to DoD personnel as outlined in Enclosure 3 of DoDD 5240.06, 17 May 11 .
b. Potential FIE threats to the DoD, its personnel, information, materiel, facilities, and
activities, or to U.S. national security shall be reported by DoD personnel in accordance with