II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
IS-16.02.04
Group -
Controlled Unclassified Information - Encryption of Data at Rest
Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) The Inform...Rule Medium Severity -
IS-16.02.05
Group -
Controlled Unclassified Information - Transmission by either Physical or Electronic Means
Failure to handle/transmit CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) T...Rule Medium Severity -
IS-16.02.06
Group -
Controlled Unclassified Information - Posting Only on Web-Sites with Appropriate Encryption; not on Publicly Accessible Web-Sites.
Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) The Inform...Rule Medium Severity -
IS-16.03.01
Group -
Controlled Unclassified Information (CUI) - Local Policy and Procedure
Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) The Inform...Rule Low Severity -
IS-16.03.02
Group -
Controlled Unclassified Information - Marking/Labeling Media within Unclassified Environments (Not Mixed with Classified)
Failure to mark CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) The Informat...Rule Low Severity -
IS-17.03.01
Group -
Classified Annual Review
Failure to conduct the annual review and clean out day can result in an excessive amount of classified (including IS storage media) being on hand and therefore being harder to account for, resultin...Rule Low Severity -
PE-01.03.01
Group -
Position of Trust - Knowledge of Responsibility to Self Report Derogatory Information
Failure to inform personnel of the expected standards of conduct while holding a position of trust and their responsibility to self-report derogatory information to the organization security manage...Rule Low Severity -
PE-01.03.02
Group -
Position of Trust - Local Policy Covering Employee Personal Standards of Conduct and Responsibilities
Failure to inform personnel of the expected standards of conduct while holding a position of trust can result in conduct by the individual that will require them being removed from that position an...Rule Low Severity -
PE-01.03.03
Group -
Position of Trust - Training Covering Employee Standards of Conduct and Personal Responsibilities
Failure to inform personnel of the expected standards of conduct while holding a position of trust can result in conduct by the individual that will require them being removed from that position or...Rule Low Severity -
PE-03.02.01
Group -
Validation Procedures for Security Clearance Issuance (Classified Systems and/or Physical Access Granted)
Failure to properly verify security clearance status could result in an unauthorized person having access to a classified information system or an authorized person being unable to perform assigned...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.