I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • EC-03.02.02

    Group
  • Environmental IA Controls - Emergency Power

    Failure to have alternative power sources available can result in significant impact to mission accomplishment and informatio...
    Rule Medium Severity
  • EC-04.03.01

    Group
  • Environmental IA Controls - Training

    If employees have not received training on the environmental controls they will not be able to respond to a fluctuation of en...
    Rule Low Severity
  • EC-05.03.01

    Group
  • Environmental IA Controls - Temperature

    Lack of temperature controls can lead to fluctuations in temperature which could be potentially harmful to personnel or equip...
    Rule Low Severity
  • EC-06.03.01

    Group
  • Environmental IA Controls - Humidity

    Fluctuations in humidity can be potentially harmful to personnel or equipment causing the loss of services or productivity. ...
    Rule Low Severity
  • EC-07.03.01

    Group
  • Environmental IA Controls - Fire Inspections/ Discrepancies

    Failure to conduct fire inspections and correct any discrepancies could result in hazardous situations leading to a possible ...
    Rule Low Severity
  • EC-08.03.01

    Group
  • Environmental IA Controls - Fire Detection and Suppression

    Failure to provide adequate fire detection and suppression could result in the loss of or damage to data, equipment, faciliti...
    Rule Low Severity
  • EM-01.02.01

    Group
  • TEMPEST Countermeasures

    Failure to implement required TEMPEST countermeasures could leave the system(s) vulnerable to a TEMPEST attack. REFERENCES: ...
    Rule Medium Severity
  • EM-02.02.01

    Group
  • TEMPEST - Red/Black separation (Processors)

    Failure to maintain proper separation could result in detectable emanations of classified information. REFERENCES: ...
    Rule Medium Severity
  • EM-03.02.01

    Group
  • TEMPEST - Red/Black Separation (Cables)

    Failure to maintain proper separation could result in detectable emanations of classified information. REFERENCES: ...
    Rule Medium Severity
  • FN-01.02.01

    Group
  • Foreign National System Access - Identification as FN in E-mail Address

    Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compro...
    Rule Medium Severity
  • FN-01.03.01

    Group
  • Foreign National System Access - Local Access Control Procedures

    Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compro...
    Rule Low Severity
  • FN-02.01.01

    Group
  • Foreign National (FN) Systems Access - Local Nationals Overseas System Access - (SIPRNet or Other Classified System or Classified Network being Reviewed)

    Failure to subject foreign nationals to background checks could result in the loss or compromise of classified or sensitive i...
    Rule High Severity
  • FN-02.02.01

    Group
  • Foreign National (FN) Systems Access - Local Nationals Overseas System Access - (NIPRNet User)

    Failure to subject foreign nationals to background checks could result in the loss or compromise of classified or sensitive i...
    Rule Medium Severity
  • FN-02.02.02

    Group
  • Foreign National (FN) Systems Access - Delegation of Disclosure Authority Letter (DDL)

    Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compro...
    Rule Medium Severity
  • FN-03.01.01

    Group
  • Foreign National System Access - FN or Immigrant Aliens (not representing a foreign government or entity) System Access - Limited Access Authorization (LAA)

    Failure to verify citizenship and proper authorization for access to either sensitive or classified information could enable ...
    Rule High Severity
  • FN-03.01.02

    Group
  • Foreign National (FN) System Access - FN or Immigrant Aliens (not representing a foreign government or entity) with LAA Granted Uncontrolled Access

    Failure to verify citizenship and proper authorization for access to either sensitive or classified information could enable ...
    Rule High Severity
  • FN-04.01.01

    Group
  • Foreign National (FN) Physical Access Control - Areas Containing US Only Information Systems Workstations/Monitor Screens, Equipment, Media or Documents

    Physically co-locating REL Partners or other FN - who have limited or no access to the SIPRNet or other US Classified systems...
    Rule High Severity
  • FN-04.03.01

    Group
  • Foreign National (FN) Physical Access Control - (Identification Badges)

    Failure to limit access to information visible on system monitor screens in mixed US/FN environments can result in FN personn...
    Rule Low Severity
  • FN-05.01.01

    Group
  • Foreign National (FN) Administrative Controls - Proper Investigation and Clearance for Access to Classified Systems and/or Information Assurance (IA) Positions of Trust

    Failure to validate that FN partners or employees have the required security clearance levels for access to classified system...
    Rule High Severity
  • FN-05.02.01

    Group
  • Foreign National (FN) Administrative Controls - Written Procedures and Employee Training

    Failure to limit access for Foreign Nationals to classified information can result in the loss or compromise of NOFORN inform...
    Rule Medium Severity
  • FN-05.02.02

    Group
  • Foreign National (FN) Administrative Controls - Procedures for Requests to Provide Foreign Nationals System Access

    Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compro...
    Rule Medium Severity
  • FN-05.03.01

    Group
  • Foreign National (FN) Administrative Controls - Contact Officer Appointment

    Failure to provide proper oversight of Foreign National partners or employees and limit access to classified and sensitive in...
    Rule Low Severity
  • IA-01.03.01

    Group
  • Information Assurance - System Security Operating Procedures (SOPs)

    Failure to have documented procedures in an SOP could result in a security incident due to lack of knowledge by personnel ass...
    Rule Low Severity
  • IA-02.02.01

    Group
  • Information Assurance - COOP Plan and Testing (Not in Place for Information Technology Systems or Not Considered in the organizational Holistic Risk Assessment)

    Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A conti...
    Rule Medium Severity
  • IA-02.03.01

    Group
  • Information Assurance - COOP Plan or Testing (Incomplete)

    Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A conti...
    Rule Low Severity
