Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • IS-06.03.01

    <GroupDescription></GroupDescription>
    Group
  • Non-Disclosure Agreement - Standard Form 312: no person may have access to classified information unless that person has a security clearance in accordance with DODM 5200.02 and has signed a Standard Form (SF) 312, Classified Information Non-Disclosure Agreement (NDA), and access is essential to the accomplishment of a lawful and authorized Government function (i.e., has a need to know).

    &lt;VulnDiscussion&gt;Failure to verify clearance and need-to-know and execute a nondisclosure agreement (NDA) before granting access to classified...
    Rule Low Severity
  • IS-07.03.01

    <GroupDescription></GroupDescription>
    Group
  • Handling of Classified Documents, Media, Equipment - Written Procedures and Training for when classified material/equipment is removed from a security container and/or secure room.

    &lt;VulnDiscussion&gt;Failure to develop procedures and to train employees on protection of classified when removed from storage could lead to the ...
    Rule Low Severity
  • IS-07.03.02

    <GroupDescription></GroupDescription>
    Group
  • Handling of Classified - Use of Cover Sheets on Documents Removed from Secure Storage

    &lt;VulnDiscussion&gt;Failure to protect readable classified information printed from classified systems such as SIPRNet when removed from secure s...
    Rule Low Severity
  • IS-08.01.01

    <GroupDescription></GroupDescription>
    Group
  • Classified Monitors/Displays (Physical Control of Classified Monitors From Unauthorized Viewing)

    &lt;VulnDiscussion&gt;Failure to limit access to unauthorized personnel to information displayed on classified monitors/displays can result in the ...
    Rule High Severity
  • IS-08.01.02

    <GroupDescription></GroupDescription>
    Group
  • Monitor Screens - Disable Access by CAC or Token Removal, or Lock Computer via Ctrl/Alt/Del

    &lt;VulnDiscussion&gt;The DoD Common Access Cards (CAC) a "smart" card, is the standard identification for active-duty military personnel, Selected...
    Rule High Severity
  • IS-08.03.01

    <GroupDescription></GroupDescription>
    Group
  • Classified Monitors/Displays (Procedures for Obscuration of Classified Monitors) - protection from uncleared persons or those without a need-to-know.

    &lt;VulnDiscussion&gt;Failure to develop procedures and training for employees to cover responsibilities and methods for limiting the access of una...
    Rule Low Severity
  • IS-09.02.01

    <GroupDescription></GroupDescription>
    Group
  • End-of-Day Checks - Organizations that process or store classified information must establish a system of security checks at the close of each duty and/or business day to ensure that any area where classified information is used or stored is secure. SF 701, Activity Security Checklist, shall be used to record such checks.

    &lt;VulnDiscussion&gt;Failure to have written guidance to provide guidance for end-of-day (EOD) checks could lead to such checks not being properl...
    Rule Medium Severity
  • IS-10.01.01

    <GroupDescription></GroupDescription>
    Group
  • Classified Reproduction - SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage.

    &lt;VulnDiscussion&gt;Classified Multi-Functional Devices (MFD) include printers, copiers, scanners and facsimile capabilities and contain hard dri...
    Rule High Severity
  • IS-10.02.01

    <GroupDescription></GroupDescription>
    Group
  • Classified Reproduction - Following guidance for System to Media Transfer of Data from systems connected specifically to the SIPRNet In-Accordance-With (IAW) US CYBERCOM CTO 10-133A.

    &lt;VulnDiscussion&gt;Failure to follow guidance for disabling removable media drives on devices connected to the SIPRNet or, if approved by the lo...
    Rule Medium Severity
  • IS-10.03.01

    <GroupDescription></GroupDescription>
    Group
  • Classified Reproduction - Written Procedures for SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage. NOTE: This vulnerability concerns only PROCEDURES for the reproduction (printing, copying, scanning, faxing) of classified documents on Multi-Functional Devices (MFD) connected to the DoDIN.

    &lt;VulnDiscussion&gt;Lack of or improper reproduction procedures for classified material could result in the loss or compromise of classified info...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules