I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
PE-07.03.01
Group -
Out-processing Procedures for Departing or Terminated Employees (Military, Government Civilian and Contractor)
Failure to properly out-process through the security section allows the possibility of continued (unauthorized) access to the facility and/or the systems. REFERENCES: DoD Manual 5200.01, Volume 3...Rule Low Severity -
PE-08.02.01
Group -
Intrusion Detection System (IDS) Monitoring Station Personnel - Suitability Checks
Failure to subject personnel who monitor the IDS alarms to a trustworthiness determination can result in the inadvertent or deliberate unauthorized access to, or release of classified material. RE...Rule Medium Severity -
PE-08.02.02
Group -
Intrusion Detection System (IDS) Installation and Maintenance Personnel - Suitability Checks
Failure to subject personnel who install and maintain the IDS alarms to a trustworthiness determination can result in the inadvertent or deliberate unauthorized exposure to or release of classified...Rule Medium Severity -
PH-01.03.01
Group -
Physical Security Program - Physical Security Plan (PSP) and/or Systems Security Plan (SSP) Development and Implementation with Consideration/Focus on Protection of Information System Assets in the Physical Environment
Failure to have a well-documented Physical Security/Systems Security program will result in an increased risk to DoD Information Systems; including personnel, equipment, media, material and documen...Rule Low Severity -
PH-02.02.01
Group -
Risk Assessment -Holistic Review (site/environment/information systems)
Failure to conduct a risk analysis could result in not implementing an effective countermeasure to a vulnerability or wasting resources on ineffective measures leading to a possible loss of classif...Rule Medium Severity -
PH-03.02.01
Group -
Physical Protection of Unclassified Key System Devices/Computer Rooms in Large Processing Facilities
Allowing access to systems processing sensitive information by personnel without the need-to-know could permit loss, destruction of data or equipment or a denial of service. Loss could be accidenta...Rule Medium Severity -
PH-04.02.01
Group -
Restricted Area and Controlled Area Designation of Areas Housing Critical Information System Components or Classified /Sensitive Technology or Data
Failure to designate the areas housing the critical information technology systems as a restricted or controlled access area may result in inadequate protection being assigned during emergency acti...Rule Medium Severity -
PH-05.02.01
Group -
Security-in-Depth (AKA: Defense-in-Depth) - Minimum Physical Barriers and Access Control Measures for Facilities or Buildings Containing DoDIN (SIPRNet/NIPRNet) Connected Assets.
Failure to use security-in-depth can result in a facility being vulnerable to an undetected intrusion or an intrusion that cannot be responded to in a timely manner - or both. REFERENCES: CJCSI 6...Rule Medium Severity -
PH-06.02.01
Group -
Visitor Control - To Facility or Organization with Information System Assets Connected to the DISN
Failure to identify and control visitors could result in unauthorized personnel gaining access to the facility with the intent to compromise classified information, steal equipment, or damage equip...Rule Medium Severity -
PH-07.02.01
Group -
Sensitive Item Control - Keys, Locks and Access Cards Controlling Access to Information Systems (IS) or IS Assets Connected to the DISN
Lack of an adequate key/credential/access device control could result in unauthorized personnel gaining access to the facility or systems with the intent to compromise classified information, steal...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.