Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • CS-01.03.01

    <GroupDescription></GroupDescription>
    Group
  • COMSEC Account Management - Appointment of Responsible Person

    &lt;VulnDiscussion&gt;Lack of formal designation of an individual to be responsible for COMSEC items could result in mismanagement, loss or even co...
    Rule Low Severity
  • CS-01.03.02

    <GroupDescription></GroupDescription>
    Group
  • COMSEC Account Management - Program Management and Standards Compliance

    &lt;VulnDiscussion&gt;Recipients of NSA or Service COMSEC accounts are responsible to properly maintain the accounts. Procedures covering security,...
    Rule Low Severity
  • CS-02.02.01

    <GroupDescription></GroupDescription>
    Group
  • COMSEC Training - COMSEC Custodian or Hand Receipt Holder

    &lt;VulnDiscussion&gt;Lack of appropriate training for managers of COMSEC accounts could result in the mismanagement of COMSEC records and inadequa...
    Rule Medium Severity
  • CS-02.02.02

    <GroupDescription></GroupDescription>
    Group
  • COMSEC Training - COMSEC User

    &lt;VulnDiscussion&gt;Failure to properly brief COMSEC users could result in the loss of cryptologic devices or key, or the compromise of classifie...
    Rule Medium Severity
  • CS-03.01.01

    <GroupDescription></GroupDescription>
    Group
  • Classified Transmission - Electronic Means using Cryptographic System Authorized by the Director, NSA

    &lt;VulnDiscussion&gt;Failure to properly encrypt classified data in transit can lead to the loss or compromise of classified or sensitive informat...
    Rule High Severity
  • CS-04.01.01

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Point of Presence (PoP) and Terminal Equipment Protection. This requirement concerns security of both the starting and ending points for PDS within proper physically protected and access controlled environments.

    &lt;VulnDiscussion&gt;A PDS that is not constructed and physically protected as required could result in the covert or undetected interception of c...
    Rule High Severity
  • CS-04.01.02

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Hardened Carrier

    &lt;VulnDiscussion&gt;A PDS that is not constructed and configured as required could result in the undetected interception of classified informatio...
    Rule High Severity
  • CS-04.01.03

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Pull Box Security

    &lt;VulnDiscussion&gt;A PDS that is not constructed and configured as required could result in the undetected interception of classified informatio...
    Rule High Severity
  • CS-04.01.04

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Buried PDS Carrier

    &lt;VulnDiscussion&gt;Buried carriers are normally used to extend a PDS between CAAs that are located in different buildings. As with other Categor...
    Rule High Severity
  • CS-04.01.05

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - External Suspended PDS

    &lt;VulnDiscussion&gt;Suspended carriers (Exterior PDS) are a Category 2 PDS option used to extend a PDS between Controlled Access Areas (CAAs) tha...
    Rule High Severity
  • CS-04.01.06

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Continuously Viewed Carrier

    &lt;VulnDiscussion&gt;A PDS that is not constructed and configured as required could result in the undetected interception of classified informatio...
    Rule High Severity
  • CS-04.01.07

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Tactical Environment Application

    &lt;VulnDiscussion&gt;A PDS that is not constructed and configured as required could result in the undetected interception of classified informatio...
    Rule High Severity
  • CS-04.01.08

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Alarmed Carrier

    &lt;VulnDiscussion&gt;A PDS that is not constructed and configured as required could result in the covert or undetected interception of classified ...
    Rule High Severity
  • CS-04.02.01

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Visible for Inspection and Marked

    &lt;VulnDiscussion&gt;A PDS that is not completely visible for inspection and easily identified cannot be properly inspected and monitored as requi...
    Rule Medium Severity
  • CS-04.02.02

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Construction - Sealed Joints

    &lt;VulnDiscussion&gt;A PDS that is not constructed and sealed as required could result in the undetected interception of classified information. ...
    Rule Medium Severity
  • CS-05.03.01

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Documentation - Signed Approval

    &lt;VulnDiscussion&gt;A PDS that is not approved could cause an Information System Security Manager (ISSM), Authorizing Official (AO) and other con...
    Rule Low Severity
  • CS-05.03.02

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Documentation - Request for Approval Documentation

    &lt;VulnDiscussion&gt;A PDS that is not approved could cause an Information System Security Manager (ISSM), Authorizing Official (AO) and other con...
    Rule Low Severity
  • CS-06.02.01

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Monitoring - Daily (Visual) Checks

    &lt;VulnDiscussion&gt;A PDS that is not inspected, monitored and maintained as required could result in undetected access, sabotage or tampering of...
    Rule Medium Severity
  • CS-06.02.02

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Monitoring - Reporting Incidents

    &lt;VulnDiscussion&gt;A PDS that is not inspected, monitored and maintained as required could result in undetected access, sabotage or tampering of...
    Rule Medium Severity
  • CS-06.03.01

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Monitoring - Technical Inspections

    &lt;VulnDiscussion&gt;A PDS that is not inspected, monitored and maintained as required could result in undetected access, sabotage or tampering of...
    Rule Low Severity
  • CS-06.03.02

    <GroupDescription></GroupDescription>
    Group
  • Protected Distribution System (PDS) Monitoring - Initial Inspection

    &lt;VulnDiscussion&gt;A PDS that is not inspected, monitored and maintained as required could result in undetected access, sabotage or tampering of...
    Rule Low Severity
  • EC-01.02.01

    <GroupDescription></GroupDescription>
    Group
  • Environmental IA Controls - Emergency Power Shut-Off (EPO)

    &lt;VulnDiscussion&gt;A lack of an emergency shut-off switch or a master power switch for electricity to IT equipment could cause damage to the equ...
    Rule Medium Severity
  • EC-02.02.01

    <GroupDescription></GroupDescription>
    Group
  • Environmental IA Controls - Emergency Lighting and Exits - Properly Installed

    &lt;VulnDiscussion&gt;Lack of automatic emergency lighting and exits can cause injury and/or death to employees and emergency responders. Lack of a...
    Rule Medium Severity
  • EC-02.03.01

    <GroupDescription></GroupDescription>
    Group
  • Environmental IA Controls - Emergency Lighting and Exits - Documentation and Testing

    &lt;VulnDiscussion&gt;Lack of automatic emergency lighting can cause injury and/or death to employees and emergency responders. Lack of automatic e...
    Rule Low Severity
  • EC-03.03.01

    <GroupDescription></GroupDescription>
    Group
  • Environmental IA Controls - Voltage Control (power)

    &lt;VulnDiscussion&gt;Failure to use automatic voltage control can result in damage to the IT equipment creating a service outage. REFERENCES: Do...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules