Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Traditional Security Checklist
IS-14.02.01
Security Incident/Spillage - Lack of Procedures or Training for Handling and Reporting
Security Incident/Spillage - Lack of Procedures or Training for Handling and Reporting
An XCCDF Rule
Details
Profiles
Prose
Security Incident/Spillage - Lack of Procedures or Training for Handling and Reporting
Medium Severity
<VulnDiscussion>Failure to report possible security compromise can result in the impact of the loss or compromise of classified information not to be evaluated, responsibility affixed, or a plan of action developed to prevent recurrence of future incidents. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraphs 6.k.(1), 9.c., 18.k.(e), 26.s.(6), 29. and 31.c. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AT-1, AT-2, AU-2, AU-7, AU-11, IR-1, IR-2, IR-4, IR-5, IR-6, IR-7, IR-8 and IR-9. DoDI 8500.01, SUBJECT: Cybersecurity, March 14, 2014, Enclosure 3, paragraph 7.g. and 19.d. DoD Manual 5200.01, Volume 3, SUBJECT: DoD Information Security Program: Protection of Classified Information: Enclosure 6, Appendix 1 to Encl 6, Appendix 2 to Encl 6 and Enclosure 7, paragraph 5. DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, paragraphs 1-303, 1-304, 1-400, 1-401 and 8-302.i. CNSSP No. 18, National Policy on Classified Information Spillage CNSSI 1001, National Instruction on Classified Information Spillage</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>