The impact of CPCON changes on the cross-directory authentication configuration must be considered and procedures documented.

Description

<VulnDiscussion>When incidents occur that require a change in the Cyber Protection Conditions (CPCON) with the release of USSCI 5200-13 status, it may be necessary to take action to restrict or disable certain types of access based on a directory outside the Component's control. Cross-directory configurations (such as trusts and pass-through authentication) are specifically designed to enable resource access across directories. If conditions indicate an outside directory is at increased risk of compromise in the immediate or near future, actions to avoid a spread of the effects of the compromise must be taken. A trusted outside directory that is compromised could allow an unauthorized user to access resources in the trusting directory.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>