Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Traditional Security Checklist
CS-01.03.02
COMSEC Account Management - Program Management and Standards Compliance
COMSEC Account Management - Program Management and Standards Compliance
An XCCDF Rule
Details
Profiles
Prose
COMSEC Account Management - Program Management and Standards Compliance
Low Severity
<VulnDiscussion>Recipients of NSA or Service COMSEC accounts are responsible to properly maintain the accounts. Procedures covering security, transport, handling, etc., of COMSEC must be developed to supplement regulatory guidelines. NSA or sponsoring Services of the COMSEC accounts maintain oversight by conducting required inspections. If COMSEC accounts are not properly maintained and findings are noted during an inspection, they must be addressed properly and promptly. If this is not done, the integrity of COMSEC items may be adversely impacted, resulting in the loss or compromise of COMSEC equipment or key material. REFERENCES: DOD Manual 5200.01, Volume 1, 24 February 2012, SUBJECT: DOD Information Security Program: Overview, Classification, and Declassification, Encl 3, paragraph 6.e. (3). DOD 5220.22-M (NISPOM), Section 4 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AU-1, CA-1, CA-2, CA-2(1), CA-2(2), CA-2(3), CA-5, CM-3(6), PL-1, PL-2(3), PL-7, SC-1, SC-12, SC-12(1), and SC-13 NSA/CSS Policy Manual 3-16, Sections III, VI, X and XI CNSS Policy No.1, NATIONAL POLICY FOR SAFEGUARDING AND CONTROL OF COMSEC MATERIALS DOD Instruction 8523.01, Communications Security (COMSEC), January 6, 2021 CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND)</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>