I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
FN-03.01.02
<GroupDescription></GroupDescription>Group -
Foreign National (FN) System Access - FN or Immigrant Aliens (not representing a foreign government or entity) with LAA Granted Uncontrolled Access
<VulnDiscussion>Failure to verify citizenship and proper authorization for access to either sensitive or classified information could enable ...Rule High Severity -
FN-04.01.01
<GroupDescription></GroupDescription>Group -
Foreign National (FN) Physical Access Control - Areas Containing US Only Information Systems Workstations/Monitor Screens, Equipment, Media or Documents
<VulnDiscussion>Physically co-locating REL Partners or other FN - who have limited or no access to the SIPRNet or other US Classified systems...Rule High Severity -
FN-04.03.01
<GroupDescription></GroupDescription>Group -
Foreign National (FN) Physical Access Control - (Identification Badges)
<VulnDiscussion>Failure to limit access to information visible on system monitor screens in mixed US/FN environments can result in FN personn...Rule Low Severity -
FN-05.01.01
<GroupDescription></GroupDescription>Group -
Foreign National (FN) Administrative Controls - Proper Investigation and Clearance for Access to Classified Systems and/or Information Assurance (IA) Positions of Trust
<VulnDiscussion>Failure to validate that FN partners or employees have the required security clearance levels for access to classified system...Rule High Severity -
FN-05.02.01
<GroupDescription></GroupDescription>Group -
Foreign National (FN) Administrative Controls - Written Procedures and Employee Training
<VulnDiscussion>Failure to limit access for Foreign Nationals to classified information can result in the loss or compromise of NOFORN inform...Rule Medium Severity -
FN-05.02.02
<GroupDescription></GroupDescription>Group -
Foreign National (FN) Administrative Controls - Procedures for Requests to Provide Foreign Nationals System Access
<VulnDiscussion>Unauthorized access by foreign nationals to Information Systems can result in, among other things, security incidents, compro...Rule Medium Severity -
FN-05.03.01
<GroupDescription></GroupDescription>Group -
Foreign National (FN) Administrative Controls - Contact Officer Appointment
<VulnDiscussion>Failure to provide proper oversight of Foreign National partners or employees and limit access to classified and sensitive in...Rule Low Severity -
IA-01.03.01
<GroupDescription></GroupDescription>Group -
Information Assurance - System Security Operating Procedures (SOPs)
<VulnDiscussion>Failure to have documented procedures in an SOP could result in a security incident due to lack of knowledge by personnel ass...Rule Low Severity -
IA-02.02.01
<GroupDescription></GroupDescription>Group -
Information Assurance - COOP Plan and Testing (Not in Place for Information Technology Systems or Not Considered in the organizational Holistic Risk Assessment)
<VulnDiscussion>Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A conti...Rule Medium Severity -
IA-02.03.01
<GroupDescription></GroupDescription>Group -
Information Assurance - COOP Plan or Testing (Incomplete)
<VulnDiscussion>Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A conti...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.