Industrial Security - Contractor Visit Authorization Letters (VALs)
An XCCDF Rule
Description
Failure to require Visit Authorization Letters (VALs) for contractor visits could result in sensitive or classified materials being released to unauthorized personnel. REFERENCES: NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-2, PE-2(1), PE- 3, , PE-8, PS-3(1), PS-6(2) DOD Manual 5200.01, Volume 1, SUBJECT: DOD Information Security Program: Overview, Classification, and Declassification, Encl 2, para 9.k., 9.l. & 9.m. DOD Manual 5200.01, Volume 3, SUBJECT: DOD Information Security Program: Protection of Classified Information, Encl 2, para 7.a. DOD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 6.
- ID
- SV-245792r917343_rule
- Version
- ID-02.03.01
- Severity
- Low
- Updated
Remediation Templates
A Manual Procedure
1. Written procedures must be developed that cover the requirements and process for VALs for contractors visiting and/or employed at government sites.
2. All government sites must have a VAL on file for each contractor visiting the site temporarily and also for permanent party contractors routinely working/physically employed at the site.
NOTES: