STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020

Protected Distribution System (PDS) Monitoring - Reporting Incidents

DISA Rule

SV-41023r3_rule

Vulnerability Number

V-30979

Group Title

PDS Monitoring - Reporting Incidents

Rule Version

CS-06.02.02

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. A procedure must be written that covers how to handle all possible types of potential PDS incidents.

2. ALL incidents of suspected or actual tampering, penetration, or unauthorized interception must be reported immediately to the PDS Approving Authority and the local security/law enforcement authority.

3. Subject to law enforcement procedures, which take precedence, the PDS must not be used until the incident is assessed and its security status determined.

4. If discontinued use of the PDS is or was not practical, all users of impacted PDS must be notified of the possible breach in security and instructed that use of systems running on the PDS be limited to the greatest extent possible.

5. All discoveries must be documented and such documentation retained indefinitely - for as long as the PDS remains functional.

Check Contents

1. Check to ensure there are procedures written that cover how to handle all possible types of potential PDS incidents.

2. Check daily and technical inspection results (logs) for evidence of discovered PDS anomalies.

3. Ensure any incidents of tampering, penetration, or unauthorized interception were reported immediately to the PDS Approving Authority and the local security/law enforcement authority.

4. Subject to law enforcement procedures, which take precedence, check to ensure the PDS was not used until the incident was assessed and its security status determined.

5. If discontinued use of the PDS is or was not practical, check to ensure users of all impacted PDS were notified of the possible breach in security, and instructed that use of systems running on the PDS be limited to the greatest extent possible.

6. Discovery of an anomaly in the PDS that is not properly reported and resolved is a finding. All discoveries must be documented and such documentation retained indefinitely - for as long as the PDS remains functional.

NOTES:

1. This check is applicable to tactical environments. Incidents of possible tampering must be reported to the PDS approving authority in as expeditious a manner as possible.

2. Even if there is no finding, in the reviewer notes provide a brief note of any reported incidents or anomalies previously noted by the site, including the date it was initially noted.

Vulnerability Number

V-30979

Documentable

False

Rule Version

CS-06.02.02

Severity Override Guidance

1. Check to ensure there are procedures written that cover how to handle all possible types of potential PDS incidents.

2. Check daily and technical inspection results (logs) for evidence of discovered PDS anomalies.

3. Ensure any incidents of tampering, penetration, or unauthorized interception were reported immediately to the PDS Approving Authority and the local security/law enforcement authority.

4. Subject to law enforcement procedures, which take precedence, check to ensure the PDS was not used until the incident was assessed and its security status determined.

5. If discontinued use of the PDS is or was not practical, check to ensure users of all impacted PDS were notified of the possible breach in security, and instructed that use of systems running on the PDS be limited to the greatest extent possible.

6. Discovery of an anomaly in the PDS that is not properly reported and resolved is a finding. All discoveries must be documented and such documentation retained indefinitely - for as long as the PDS remains functional.

NOTES:

1. This check is applicable to tactical environments. Incidents of possible tampering must be reported to the PDS approving authority in as expeditious a manner as possible.

2. Even if there is no finding, in the reviewer notes provide a brief note of any reported incidents or anomalies previously noted by the site, including the date it was initially noted.

Check Content Reference

M

Target Key

2506

Comments