STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Information Assurance - Accreditation Documentation

DISA Rule

SV-41139r3_rule

Vulnerability Number

V-31084

Group Title

Information Assurance - Accreditation Documentation

Rule Version

IA-07.02.01

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

1. A current accreditation document approved by the AO must be on hand for all systems and applications connected to the DoDIN.

2. Copies of the original accreditation documentation along with any subsequent modifications must be on-hand for review.

3. The Approval to Operate (ATO) or Interim Approval to Operate (IATO) must be up-to-date and must be signed by the current Approving Authority.

Check Contents

Check the accreditation package with only a cursory review to ensure the ATO/IATO are current.

TACTICAL ENVIRONMENT: The check is applicable. The ATO and associated documentation should be found in a fixed HQ location where the ISSM/ISSO are located. When possible, documentation should be requested/sought before departing on trips to tactical locations. Copies sent to the reviewers email (NIPR or SIPR depending on classification of document) can be used to validate compliance.

Vulnerability Number

V-31084

Documentable

False

Rule Version

IA-07.02.01

Severity Override Guidance

Check the accreditation package with only a cursory review to ensure the ATO/IATO are current.

TACTICAL ENVIRONMENT: The check is applicable. The ATO and associated documentation should be found in a fixed HQ location where the ISSM/ISSO are located. When possible, documentation should be requested/sought before departing on trips to tactical locations. Copies sent to the reviewers email (NIPR or SIPR depending on classification of document) can be used to validate compliance.

Check Content Reference

M

Target Key

2506

Comments