Skip to content
Log In

II - Mission Support Sensitive

Rules and Groups employed by this XCCDF Profile

  • IS-17.03.01

    Group
    Show

  • Classified Annual Review

    Failure to conduct the annual review and clean out day can result in an excessive amount of classified (including IS storage media) being on hand and therefore being harder to account for, resultin...
    Rule Low Severity
    Show

  • PE-01.03.01

    Group
    Show

  • Position of Trust - Knowledge of Responsibility to Self Report Derogatory Information

    Failure to inform personnel of the expected standards of conduct while holding a position of trust and their responsibility to self-report derogatory information to the organization security manage...
    Rule Low Severity
    Show

  • PE-01.03.02

    Group
    Show

  • Position of Trust - Local Policy Covering Employee Personal Standards of Conduct and Responsibilities

    Failure to inform personnel of the expected standards of conduct while holding a position of trust can result in conduct by the individual that will require them being removed from that position an...
    Rule Low Severity
    Show

  • PE-01.03.03

    Group
    Show

  • Position of Trust - Training Covering Employee Standards of Conduct and Personal Responsibilities

    Failure to inform personnel of the expected standards of conduct while holding a position of trust can result in conduct by the individual that will require them being removed from that position or...
    Rule Low Severity
    Show

  • PE-03.02.01

    Group
    Show

  • Validation Procedures for Security Clearance Issuance (Classified Systems and/or Physical Access Granted)

    Failure to properly verify security clearance status could result in an unauthorized person having access to a classified information system or an authorized person being unable to perform assigned...
    Rule Medium Severity
    Show

  • PE-07.03.01

    Group
    Show

  • Out-processing Procedures for Departing or Terminated Employees (Military, Government Civilian and Contractor)

    Failure to properly out-process through the security section allows the possibility of continued (unauthorized) access to the facility and/or the systems. REFERENCES: DoD Manual 5200.01, Volume 3...
    Rule Low Severity
    Show

  • PE-08.02.01

    Group
    Show

  • Intrusion Detection System (IDS) Monitoring Station Personnel - Suitability Checks

    Failure to subject personnel who monitor the IDS alarms to a trustworthiness determination can result in the inadvertent or deliberate unauthorized access to, or release of classified material. RE...
    Rule Medium Severity
    Show

  • PE-08.02.02

    Group
    Show

  • Intrusion Detection System (IDS) Installation and Maintenance Personnel - Suitability Checks

    Failure to subject personnel who install and maintain the IDS alarms to a trustworthiness determination can result in the inadvertent or deliberate unauthorized exposure to or release of classified...
    Rule Medium Severity
    Show

  • PH-01.03.01

    Group
    Show

  • Physical Security Program - Physical Security Plan (PSP) and/or Systems Security Plan (SSP) Development and Implementation with Consideration/Focus on Protection of Information System Assets in the Physical Environment

    Failure to have a well-documented Physical Security/Systems Security program will result in an increased risk to DoD Information Systems; including personnel, equipment, media, material and documen...
    Rule Low Severity
    Show

  • PH-02.02.01

    Group
    Show

  • Risk Assessment -Holistic Review (site/environment/information systems)

    Failure to conduct a risk analysis could result in not implementing an effective countermeasure to a vulnerability or wasting resources on ineffective measures leading to a possible loss of classif...
    Rule Medium Severity
    Show

  • PH-03.02.01

    Group
    Show

  • Physical Protection of Unclassified Key System Devices/Computer Rooms in Large Processing Facilities

    Allowing access to systems processing sensitive information by personnel without the need-to-know could permit loss, destruction of data or equipment or a denial of service. Loss could be accidenta...
    Rule Medium Severity
    Show

  • PH-04.02.01

    Group
    Show

  • Restricted Area and Controlled Area Designation of Areas Housing Critical Information System Components or Classified /Sensitive Technology or Data

    Failure to designate the areas housing the critical information technology systems as a restricted or controlled access area may result in inadequate protection being assigned during emergency acti...
    Rule Medium Severity
    Show

  • PH-05.02.01

    Group
    Show

  • Security-in-Depth (AKA: Defense-in-Depth) - Minimum Physical Barriers and Access Control Measures for Facilities or Buildings Containing DoDIN (SIPRNet/NIPRNet) Connected Assets.

    Failure to use security-in-depth can result in a facility being vulnerable to an undetected intrusion or an intrusion that cannot be responded to in a timely manner - or both. REFERENCES: CJCSI 6...
    Rule Medium Severity
    Show

  • PH-06.02.01

    Group
    Show

  • Visitor Control - To Facility or Organization with Information System Assets Connected to the DISN

    Failure to identify and control visitors could result in unauthorized personnel gaining access to the facility with the intent to compromise classified information, steal equipment, or damage equip...
    Rule Medium Severity
    Show

  • PH-07.02.01

    Group
    Show

  • Sensitive Item Control - Keys, Locks and Access Cards Controlling Access to Information Systems (IS) or IS Assets Connected to the DISN

    Lack of an adequate key/credential/access device control could result in unauthorized personnel gaining access to the facility or systems with the intent to compromise classified information, steal...
    Rule Medium Severity
    Show

  • PH-09.03.01

    Group
    Show

  • Physical Penetration Testing - of Facilities or Buildings Containing Information Systems (IS) Connected to the DISN

    Failure to periodically test facility/building security where Information Systems (IS) connected to the DISN are present could lead to the unauthorized access of an individual into the facility wit...
    Rule Low Severity
    Show

  • SM-01.03.01

    Group
    Show

  • Security and Cybersecurity Staff Appointment, Training/Certification and Suitability

    Failure to formally appoint security personnel and detail responsibilities, training and other requirements in the appointment notices could result in a weaken security program due to critical secu...
    Rule Medium Severity
    Show

  • SM-02.02.01

    Group
    Show

  • Security Training - Information Security (INFOSEC) for ALL Employees; Military, Government Civilian and Contractor

    Failure to provide security training to ALL employees results in a weak security program and could lead to the loss or compromise of classified or sensitive information. REFERENCES: DoD 5220.22-M...
    Rule Medium Severity
    Show

  • SM-03.03.01

    Group
    Show

  • Counter-Intelligence Program - Training, Procedures and Incident Reporting

    Failure to establish a good working relationship with the supporting/local CI agency and lack of proper CI training for site/organization employees could result in not being informed of local threa...
    Rule Low Severity
    Show

  • CS-01.01.01

    Group
    Show

  • COMSEC Account Management - Equipment and Key Storage

    Improper handling and storage of COMSEC material can result in the loss or compromise of classified cryptologic devices or classified key or unclassified COMSEC Controlled Items (CCI). REFERENCE...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules