II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
IA-03.02.01
Group -
Information Assurance - System Security Incidents (Identifying, Reporting, and Handling)
Failure to recognize, investigate and report information systems security incidents could result in the loss of confidentiality, integrity, and availability of the systems and its data. REFERENCES...Rule Medium Severity -
IA-05.02.01
Group -
Information Assurance - System Access Control Records (DD Form 2875 or equivalent)
If accurate records of authorized users are not maintained, then unauthorized personnel could have access to the system. Failure to have user sign an agreement may preclude disciplinary actions if ...Rule Medium Severity -
IA-06.02.01
Group -
Information Assurance - System Training and Certification/ IA Personnel
Improperly trained personnel can cause serious system-wide/network-wide problems that render a system/network unstable. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPU...Rule Medium Severity -
IA-06.02.02
Group -
Information Assurance/Cybersecurity Training for System Users
Improperly trained personnel can cause serious system-wide/network-wide problems that render a system/network unstable. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPU...Rule Medium Severity -
IA-07.02.01
Group -
Information Assurance - Accreditation Documentation
Failure to provide the proper documentation can lead to a system connecting without all proper safeguards in place, creating a threat to the networks. REFERENCES: CJCSI 6510.01F, INFORMATION ASSU...Rule Medium Severity -
IA-10.02.01
Group -
Information Assurance - KVM or A/B Switch not listed on the NIAP U.S. Government Approved Protection Products Compliance List (PCL) for Peripheral Sharing Switches
Failure to use tested and approved switch boxes can result in the loss or compromise of classified information. REFERENCES: NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: SC-3 and...Rule Medium Severity -
IA-10.02.02
Group -
Information Assurance - KVM Switch (Port Separation) on CYBEX/Avocent 4 or 8 port
The back plate of some 4 or 8 port CYBEX/AVOCENT KVM devices provides a physical connection between adjacent ports. Therefore failure to provide for physical port separation between SIPRNet (classi...Rule Medium Severity -
IA-10.02.03
Group -
Information Assurance - KVM Switch Use of Hot-Keys on SIPRNet Connected Devices
Use of "Hot Keys" for switching between devices relies on use of software to separate and switch between the devices. Unless software use involves an approved Cross Domain Solution (CDS) it can re...Rule Medium Severity -
IA-10.03.01
Group -
Information Assurance - Authorizing Official (AO) and DoDIN Connection Approval Office (CAO) Approval Documentation for use of KVM and A/B switches for Sharing of Classified and Unclassified Peripheral Devices
Failure to request approval for connection of existing or additional KVM or A/B devices (switch boxes) for use in switching between classified (e.g., SIPRNet) devices and unclassified devices (e.g....Rule Low Severity -
IA-11.01.01
Group -
Information Assurance - Classified Portable Electronic Devices (PEDs) Connected to the SIPRNet must be Authorized, Compliant with NSA Guidelines, and be Configured for Data at Rest (DAR) Protection
Finding unauthorized and/or improperly configured wireless devices (PEDs) connected to and/or operating on the SIPRNet is a security incident and could directly result in the loss or compromise of ...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.