Validation Procedures for Security Clearance Issuance (Classified Systems and/or Physical Access Granted)
An XCCDF Rule
Description
<VulnDiscussion>Failure to properly verify security clearance status could result in an unauthorized person having access to a classified information system or an authorized person being unable to perform assigned duties. REFERENCES: DOD 8570.01-M, Information Assurance Workforce Improvement Program, 19 December 2005, Incorporating Change 4, 11/10/2015 CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND): Enclosure C, paragraphs 26.c.(2) (3) and 27.f.(5) (6) NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AC-1, MA-5, PE-2, PE-3, and PS-2 DOD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 2, Section 2 and Chapter 8, Section 3, paragraph 8-302.a. Personnel Security. DOD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DOD Information Security Program: Protection of Classified Information: Enclosure 2, paragraphs 1 and 3 DOD Manual 5200.02, Procedures for the DOD Personnel Security Program (PSP), April 3, 2017, Paragraphs 3.1.c., 4.1. Civilian Personnel, 4.2. Military Personnel, 4.3. Contractors, 4.4. Consultants. 4.5. Non-U.S. Citizens Employed Overseas in Support of National Security Positions. 4.6. Temporary Employees, 5A.2. Verify Eligibility, and Glossary G.2. Definitions: LAA. Now Cancelled: DOD 5200.2-R, Personnel Security Program, Chapter 3, para C3.4.3., Chapter 7 para C7.1.2. C7.1.3. and Appendix 9, para AP9.2. & AP9.3.6.2. DODD 5230.20; Visits, Assignments, and Exchanges of Foreign Nationals Paragraph 4.4. DODD 5230.11, Disclosure of Classified Military Information to Foreign Governments and International Organizations SPECIAL NOTE: Enclosure 3 to DODD 5230.11 establishes specific criteria for the disclosure of classified information: Paragraphs 4.6.3., E2.1.4, Enclosure 3 and Enclosure 4.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245856r1008552_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
Background Information:
When developing an organizational program to validate security clearance information for systems access and/or physical access to SIPRNet work environments, the first thing to consider is there are various categories of personnel and associated considerations with each one. These categories include: Military employees, Government Civilian employees, Contract employees, Foreign Nationals and Local National employees under a Status of Forces (SOFA) agreement and Visitors.
The minimum security clearance requirement for systems access to the SIPRNet or unescorted access to the physical environment surrounding SIPRNet system information technology assets is secret.