II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
IS-06.03.01
Group -
Non-Disclosure Agreement - Standard Form 312: no person may have access to classified information unless that person has a security clearance in accordance with DODM 5200.02 and has signed a Standard Form (SF) 312, Classified Information Non-Disclosure Agreement (NDA), and access is essential to the accomplishment of a lawful and authorized Government function (i.e., has a need to know).
Failure to verify clearance and need-to-know and execute a nondisclosure agreement (NDA) before granting access to classified can result in unauthorized personnel having access to classified inform...Rule Low Severity -
IS-07.03.01
Group -
Handling of Classified Documents, Media, Equipment - Written Procedures and Training for when classified material/equipment is removed from a security container and/or secure room.
Failure to develop procedures and to train employees on protection of classified when removed from storage could lead to the loss or compromise of classified or sensitive information due to a lack ...Rule Low Severity -
IS-07.03.02
Group -
Handling of Classified - Use of Cover Sheets on Documents Removed from Secure Storage
Failure to protect readable classified information printed from classified systems such as SIPRNet when removed from secure storage can lead to the loss or compromise of classified or sensitive inf...Rule Low Severity -
IS-08.01.01
Group -
Classified Monitors/Displays (Physical Control of Classified Monitors From Unauthorized Viewing)
Failure to limit access to unauthorized personnel to information displayed on classified monitors/displays can result in the loss or compromise of classified information, including NOFORN informati...Rule High Severity -
IS-08.01.02
Group -
Monitor Screens - Disable Access by CAC or Token Removal, or Lock Computer via Ctrl/Alt/Del
The DoD Common Access Cards (CAC) a "smart" card, is the standard identification for active-duty military personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel. It...Rule High Severity -
IS-08.03.01
Group -
Classified Monitors/Displays (Procedures for Obscuration of Classified Monitors) - protection from uncleared persons or those without a need-to-know.
Failure to develop procedures and training for employees to cover responsibilities and methods for limiting the access of unauthorized personnel to classified information reflected on information s...Rule Low Severity -
IS-09.02.01
Group -
End-of-Day Checks - Organizations that process or store classified information must establish a system of security checks at the close of each duty and/or business day to ensure that any area where classified information is used or stored is secure. SF 701, Activity Security Checklist, shall be used to record such checks.
Failure to have written guidance to provide guidance for end-of-day (EOD) checks could lead to such checks not being properly conducted. If EOD checks are not properly conducted the loss or impro...Rule Medium Severity -
IS-10.01.01
Group -
Classified Reproduction - SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage.
Classified Multi-Functional Devices (MFD) include printers, copiers, scanners and facsimile capabilities and contain hard drives that maintain classified data or images. Failure to locate these de...Rule High Severity -
IS-10.02.01
Group -
Classified Reproduction - Following guidance for System to Media Transfer of Data from systems connected specifically to the SIPRNet In-Accordance-With (IAW) US CYBERCOM CTO 10-133A.
Failure to follow guidance for disabling removable media drives on devices connected to the SIPRNet or, if approved by the local AO, failure to follow US CYBERCOM procedures for using removable med...Rule Medium Severity -
IS-10.03.01
Group -
Classified Reproduction - Written Procedures for SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage. NOTE: This vulnerability concerns only PROCEDURES for the reproduction (printing, copying, scanning, faxing) of classified documents on Multi-Functional Devices (MFD) connected to the DoDIN.
Lack of or improper reproduction procedures for classified material could result in the loss or compromise of classified information. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SU...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.