Skip to content
Log In

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • EC-03.02.02

    Group
    Show

  • Environmental IA Controls - Emergency Power

    Failure to have alternative power sources available can result in significant impact to mission accomplishment and information technology systems including potential loss of data and damage to the ...
    Rule Medium Severity
    Show

  • EC-04.03.01

    Group
    Show

  • Environmental IA Controls - Training

    If employees have not received training on the environmental controls they will not be able to respond to a fluctuation of environmental conditions, which could damage equipment and ultimately disr...
    Rule Low Severity
    Show

  • EC-05.03.01

    Group
    Show

  • Environmental IA Controls - Temperature

    Lack of temperature controls can lead to fluctuations in temperature which could be potentially harmful to personnel or equipment operation. REFERENCES: DoD 5220.22-M (NISPOM), Incorporating Chan...
    Rule Low Severity
    Show

  • EC-06.03.01

    Group
    Show

  • Environmental IA Controls - Humidity

    Fluctuations in humidity can be potentially harmful to personnel or equipment causing the loss of services or productivity. REFERENCES: DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016...
    Rule Low Severity
    Show

  • EC-07.03.01

    Group
    Show

  • Environmental IA Controls - Fire Inspections/ Discrepancies

    Failure to conduct fire inspections and correct any discrepancies could result in hazardous situations leading to a possible fire and loss of service. REFERENCES: DoD 5220.22-M (NISPOM), Incorpor...
    Rule Low Severity
    Show

  • EC-08.03.01

    Group
    Show

  • Environmental IA Controls - Fire Detection and Suppression

    Failure to provide adequate fire detection and suppression could result in the loss of or damage to data, equipment, facilities, or personnel. REFERENCES: DoD 5220.22-M (NISPOM), Incorporating Ch...
    Rule Low Severity
    Show

  • EM-01.02.01

    Group
    Show

  • TEMPEST Countermeasures

    Failure to implement required TEMPEST countermeasures could leave the system(s) vulnerable to a TEMPEST attack. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE ...
    Rule Medium Severity
    Show

  • EM-02.02.01

    Group
    Show

  • TEMPEST - Red/Black separation (Processors)

    Failure to maintain proper separation could result in detectable emanations of classified information. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND ...
    Rule Medium Severity
    Show

  • EM-03.02.01

    Group
    Show

  • TEMPEST - Red/Black Separation (Cables)

    Failure to maintain proper separation could result in detectable emanations of classified information. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND ...
    Rule Medium Severity
    Show

  • FN-01.02.01

    Group
    Show

  • Foreign National System Access - Identification as FN in E-mail Address

    Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compromise of the system, or the introduction of a virus. REFERENCES: Nation...
    Rule Medium Severity
    Show

  • FN-01.03.01

    Group
    Show

  • Foreign National System Access - Local Access Control Procedures

    Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compromise of the system, or the introduction of a virus. REFERENCES: Nation...
    Rule Low Severity
    Show

  • FN-02.01.01

    Group
    Show

  • Foreign National (FN) Systems Access - Local Nationals Overseas System Access - (SIPRNet or Other Classified System or Classified Network being Reviewed)

    Failure to subject foreign nationals to background checks could result in the loss or compromise of classified or sensitive information by foreign sources. REFERENCES: National Disclosure Policy ...
    Rule High Severity
    Show

  • FN-02.02.01

    Group
    Show

  • Foreign National (FN) Systems Access - Local Nationals Overseas System Access - (NIPRNet User)

    Failure to subject foreign nationals to background checks could result in the loss or compromise of classified or sensitive information by foreign sources. REFERENCES: National Disclosure Policy ...
    Rule Medium Severity
    Show

  • FN-02.02.02

    Group
    Show

  • Foreign National (FN) Systems Access - Delegation of Disclosure Authority Letter (DDL)

    Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compromise of the system, or the introduction of a virus. REFERENCES: Nation...
    Rule Medium Severity
    Show

  • FN-03.01.01

    Group
    Show

  • Foreign National System Access - FN or Immigrant Aliens (not representing a foreign government or entity) System Access - Limited Access Authorization (LAA)

    Failure to verify citizenship and proper authorization for access to either sensitive or classified information could enable personnel to have access to classified or sensitive information to which...
    Rule High Severity
    Show

  • FN-03.01.02

    Group
    Show

  • Foreign National (FN) System Access - FN or Immigrant Aliens (not representing a foreign government or entity) with LAA Granted Uncontrolled Access

    Failure to verify citizenship and proper authorization for access to either sensitive or classified information could enable personnel to have access to classified or sensitive information to which...
    Rule High Severity
    Show

  • FN-04.01.01

    Group
    Show

  • Foreign National (FN) Physical Access Control - Areas Containing US Only Information Systems Workstations/Monitor Screens, Equipment, Media or Documents

    Physically co-locating REL Partners or other FN - who have limited or no access to the SIPRNet or other US Classified systems - near US personnel in a collateral classified (Secret or higher) open ...
    Rule High Severity
    Show

  • FN-04.03.01

    Group
    Show

  • Foreign National (FN) Physical Access Control - (Identification Badges)

    Failure to limit access to information visible on system monitor screens in mixed US/FN environments can result in FN personnel having unauthorized access to classified information, which can resul...
    Rule Low Severity
    Show

  • FN-05.01.01

    Group
    Show

  • Foreign National (FN) Administrative Controls - Proper Investigation and Clearance for Access to Classified Systems and/or Information Assurance (IA) Positions of Trust

    Failure to validate that FN partners or employees have the required security clearance levels for access to classified systems and/or the proper level of background investigation for IA Positions o...
    Rule High Severity
    Show

  • FN-05.02.01

    Group
    Show

  • Foreign National (FN) Administrative Controls - Written Procedures and Employee Training

    Failure to limit access for Foreign Nationals to classified information can result in the loss or compromise of NOFORN information. Documented local policies and procedures concerning what informat...
    Rule Medium Severity
    Show

  • FN-05.02.02

    Group
    Show

  • Foreign National (FN) Administrative Controls - Procedures for Requests to Provide Foreign Nationals System Access

    Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compromise of the system, or the introduction of a virus. REFERENCES: Nation...
    Rule Medium Severity
    Show

  • FN-05.03.01

    Group
    Show

  • Foreign National (FN) Administrative Controls - Contact Officer Appointment

    Failure to provide proper oversight of Foreign National partners or employees and limit access to classified and sensitive information can result in the loss or compromise of NOFORN information. R...
    Rule Low Severity
    Show

  • IA-01.03.01

    Group
    Show

  • Information Assurance - System Security Operating Procedures (SOPs)

    Failure to have documented procedures in an SOP could result in a security incident due to lack of knowledge by personnel assigned to the organization. REFERENCES: CJCSI 6510.01F, INFORMATION ASS...
    Rule Low Severity
    Show

  • IA-02.02.01

    Group
    Show

  • Information Assurance - COOP Plan and Testing (Not in Place for Information Technology Systems or Not Considered in the organizational Holistic Risk Assessment)

    Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A contingency plan is necessary to reduce mission impact in the event of system...
    Rule Medium Severity
    Show

  • IA-02.03.01

    Group
    Show

  • Information Assurance - COOP Plan or Testing (Incomplete)

    Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A contingency plan is necessary to reduce mission impact in the event of system...
    Rule Low Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules