I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
Group: IS-02.01.07
Rule (High Severity): Information Security (INFOSEC) - Secure Room Storage Standards - Intrusion Detection System (IDS)
Failure to meet standards for maintenance and validation of structural integrity of the physical perimeter surrounding a secu...
Group: IS-02.01.08
Rule (High Severity): Information Security (INFOSEC) - Secure Room Storage Standards - Balanced Magnetic Switch (BMS) on Perimeter Doors
Failure to meet standards for ensuring that there is structural integrity of the physical perimeter surrounding a secure room...
Group: IS-02.01.09
Rule (High Severity): Information Security (INFOSEC) - Secure Room Storage Standards - Interior Motion Detection
Failure to meet standards for ensuring that there is structural integrity of the physical perimeter surrounding a secure room...
Group: IS-02.01.10
Rule (High Severity): Information Security (INFOSEC) - Secure Room Storage Standards - Four (4) Hour Random Checks in Lieu of Using Intrusion Detection System (IDS)
Failure to meet standards for ensuring that there is structural integrity of the physical perimeter surrounding a secure room...
Group: IS-02.01.11
Rule (High Severity): Vault/Secure Room Storage Standards - IDS Transmission Line Security
Failure to meet standards for ensuring integrity of the intrusion detection system signal transmission supporting a secure ro...
Group: IS-02.01.12
Rule (High Severity): Vault/Secure Room Storage Standards - IDS Access/Secure Control Units Must be Located within the Secure Room Space
Failure to ensure that IDS Access and Secure Control Units used to activate and deactivate alarms (primarily motion detectors...
Group: IS-02.01.13
Rule (High Severity): Information Security (IS) - Continuous Operations Facility: Access Control Monitoring Methods
Failure to control door access to a Continuous Operations Facility containing classified SIPRNET assets may result in immedia...
Group: IS-02.01.14
Rule (High Severity): Vault/Secure Room Storage Standards - Access Control During Working Hours Using Visual Control OR Automated Entry Control System (AECS) with PIN / Biometrics
Failure to properly monitor and control collateral classified open storage area access doors during working hours (while the ...
Group: IS-02.01.15
Rule (High Severity): Vault/Secure Room Storage Standards - Automated Entry Control System (AECS) and Intrusion Detection System (IDS) Head-End Equipment Protection: The physical location (room or area) containing AECS and IDS head-end equipment (server and/or work station/monitoring equipment) where authorization, personal identification or verification data is input, stored, or recorded and/or where system status/alarms are monitored must be physically protected.
Inadequate physical protection of Intrusion Detection System or Automated Entry Control System servers, data base storage dri...
Group: IS-02.02.01
Rule (Medium Severity): Information Security (INFOSEC) - Secure Room Storage Standards - Structural Integrity Checks
Failure to ensure that there is structural integrity of the physical perimeter surrounding a secure room (AKA: collateral cla...
Group: IS-02.02.02
Rule (Medium Severity): Vault/Secure Room Storage Standards - IDS Performance Verification
Failure to test IDS functionality on a periodic basis could result in undetected alarm sensor or other system failure. This ...
Group: IS-02.02.03
Rule (Medium Severity): Vault/Secure Room Storage Standards - Masking of IDS Sensors Displayed at the Intrusion Detection System (IDS) Monitoring Station
Failure to meet standards for the display of masked alarm sensors at the IDS monitoring station could result in the location ...
Group: IS-02.02.04
Rule (Medium Severity): Vault/Secure Room Storage Standards - IDS Alarm Monitoring Indicators, both audible and visual (Alarm Status) must be displayed for each sensor or alarmed zone at the monitoring station.
Failure to meet standards for the display of audible and visual alarm indicators at the IDS monitoring station could result i...
Group: IS-02.02.05
Rule (Medium Severity): Vault/Secure Room Storage Standards - Intrusion Detection System (IDS) / Automated Entry Control System (AECS) Primary and Emergency Power Supply
Failure to meet standards for ensuring that there are adequate commercial and back-up power sources for IDS/AECS with unint...
Group: IS-02.02.06
Rule (Medium Severity): Vault/Secure Room Storage Standards - Intrusion Detection System and Automated Entry Control System (IDS/AECS) Component Tamper Protection
Failure to tamper protect IDS/AECS component enclosures and access points external to protected vaults/secure rooms space cou...
Group: IS-02.02.07
Rule (Medium Severity): Vault/Secure Room Storage Standards - Primary IDS Monitoring Location Outside the Monitored Space
Failure to locate the alarm monitoring station at an external location; at a safe distance from the space being monitored, to...
Group: IS-02.02.08
Rule (Medium Severity): Vault/Secure Room Storage Standards - Automated Entry Control System (AECS) Records Maintenance, which includes documented procedures for granting and removal of access.
Failure to document procedures for removal of access and inadequate maintenance of access records for both active and removed...
Group: IS-02.02.09
Rule (Medium Severity): Vault/Secure Room Storage Standards - Automated Entry Control System (AECS) Transmission Line Security: AECS Transmission lines traversing an uncontrolled area (not within at least a Secret Controlled Access Area (CAA)) shall use line supervision OR Electrical, mechanical, or electromechanical access control devices, which do not constitute an AECS that are used to control access during duty hours must have all electrical components, that traverse outside minimally a Secret Controlled Access Area (CAA), secured within conduit.
Persons not vetted to at least the same level of classification residing on the information systems being protected by the AE...
Group: IS-02.02.10
Rule (Medium Severity): Vault/Secure Room Storage Standards - Automated Entry Control System (AECS) Door Locks: Electric Strikes and/or Magnetic Locking devices used in access control systems shall be heavy duty, industrial grade and be configured to fail secure in the event of a total loss of power (primary and backup).
There are a variety of locking mechanisms that may be used to secure both primary and secondary doors for vaults and classifi...
Group: IS-02.02.11
Rule (Medium Severity): Information Security (INFOSEC) - Secure Room Storage Standards - Perimeter Construction using Proper Permanent Construction Materials for True Ceiling, Walls and Floors.
Failure to meet standards for ensuring that there is structural integrity of the physical Perimeter surrounding a secure room...
Group: IS-02.03.01
Rule (Low Severity): Vault/Secure Room Storage Standards - Automated Entry Control System (AECS) Keypad Device Protection: Keypad devices designed or installed in a manner that an unauthorized person in the immediate vicinity cannot observe the selection of input numbers.
If someone were to successfully observe an authorized user's selection of numbers for their PIN at an entrance to a classifie...
Group: IS-03.02.01
Rule (Medium Severity): Marking Classified - Equipment, Documents or Media: In a classified operating environment, all unclassified items must be marked in addition to all classified items.
Failure to properly mark classified material could result in the loss or compromise of classified information. REFERENCES: ...
Group: IS-03.03.01
Rule (Low Severity): Marking Classified - Local or Enclave Classified Marking Procedures must be developed to ensure employees are familiar with appropriate organization Security Classification Guides (SCG), how to obtain guidance for marking classified documents, media and equipment, and where associated forms, classified cover sheets, labels, stamps, wrapping material for classified shipment, etc. can be obtained.
Failure to properly mark classified material could result in the loss or compromise of classified information. REFERENCES: ...
Group: IS-04.03.01
Rule (Low Severity): Classified Working Papers are properly marked, destroyed when no longer needed, or treated as a finished document after 180 days.
Failure to properly mark or handle classified documents can lead to the loss or compromise of classified or sensitive informa...
Group: IS-05.01.01
Rule (High Severity): Storage/Handling of Classified Documents, Media, Equipment - must be under continuous personal protection and control of an authorized (cleared) individual OR guarded or stored in an approved locked security container (safe), vault, secure room, collateral classified open storage area or SCIF.
Failure to store classified in an approved container OR to properly protect classified when removed from storage can lead to ...