STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020

Foreign National (FN) Physical Access Control - Areas Containing US Only Information Systems Workstations/Monitor Screens, Equipment, Media or Documents

DISA Rule

SV-41465r3_rule

Vulnerability Number

V-31242

Group Title

FN Physical Access Control - Areas Containing Classified US Only Information Systems

Rule Version

FN-04.01.01

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

This fix pertains to mixed classified environments containing US Only systems and media where FN partners are present:

1. All classified and sensitive documents and removable storage media containing US Only information must either be under the continuous observation and control of cleared US personnel or placed in an approved GSA container (Safe) when not in use and under proper US control.

2. Foreign National (FN) access to classified open storage areas (includes vaults, secure rooms, and SCIFs) must be permitted only during normal working hours when US personnel are present to provide oversight.

Check Contents

THIS REQUIREMENT PERTAINS TO CLASSIFIED ENVIRONMENTS such as Secret or higher vaults or classified open storage areas (secure rooms or SCIFs) WHERE FN partners ARE PRESENT with limited or no access to classified information/systems, in particular the SIPRNet. This is important to note, because without the FN presence in such an environment, placement of classified documents and classified removable media in safes when unattended would not normally be necessary/required.

CHECK #1: Check to ensure all classified and sensitive documents and removable storage media containing US Only information are either under the continuous observation and control of cleared US personnel or placed in an approved GSA container (Safe) when not in use and under proper US control. (CAT I)

The requirement in check #2 is complementary to the requirement covered in check #1. Unescorted access to areas where US Only classified equipment, documents and media are present must not be granted to any FN (regardless of clearance level) when cleared US personnel are not present to provide oversight.

CHECK #2: Check to ensure FN access to classified open storage areas (includes vaults, secure rooms, and SCIFs) containing SIPRNet assets is permitted only during normal working hours when US personnel are present to provide oversight. (CAT I)

TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed within fixed facilities in a tactical environment with access to US Systems.

Documentable

False

Severity Override Guidance

THIS REQUIREMENT PERTAINS TO CLASSIFIED ENVIRONMENTS such as Secret or higher vaults or classified open storage areas (secure rooms or SCIFs) WHERE FN partners ARE PRESENT with limited or no access to classified information/systems, in particular the SIPRNet. This is important to note, because without the FN presence in such an environment, placement of classified documents and classified removable media in safes when unattended would not normally be necessary/required.

CHECK #1: Check to ensure all classified and sensitive documents and removable storage media containing US Only information are either under the continuous observation and control of cleared US personnel or placed in an approved GSA container (Safe) when not in use and under proper US control. (CAT I)

The requirement in check #2 is complementary to the requirement covered in check #1. Unescorted access to areas where US Only classified equipment, documents and media are present must not be granted to any FN (regardless of clearance level) when cleared US personnel are not present to provide oversight.

CHECK #2: Check to ensure FN access to classified open storage areas (includes vaults, secure rooms, and SCIFs) containing SIPRNet assets is permitted only during normal working hours when US personnel are present to provide oversight. (CAT I)

TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed within fixed facilities in a tactical environment with access to US Systems.

Check Content Reference

M

Potential Impact

RELATED VULS (STIG ID):

1. STIG ID: FN-05.02.01. This requirement is specifically focused on checking written policy/procedures and initial/recurring training concerning US employee interactions with FN employees assigned to the organization OR frequent and recurring FN visitors. Even if there are procedures and training, a finding may still be written when it is clear from interviews and observation of the environment by traditional security reviewers that employees do not understand the rules and procedures and that these are not being exercised.

2. STIG ID: IS-08.01.01. Classified Monitors/Displays (Physical Control of Classified Monitors From Unauthorized Viewing). This requirement is specifically focused on checking physical controls in place to protect classified work stations (monitor screens) from unauthorized viewing. This requirement includes positioning and control of classified monitors and covers environments where Foreign Nationals are present and US Only work stations/monitor screens are present.

3. STIG ID: IS-08.03.01. This requirement is specifically focused on checking written policy/procedures and initial/recurring training concerning cleared employee responsibilities and actions to protect classified work stations (monitor screens) under their control from unauthorized viewing. This requirement includes positioning and control of classified monitors and covers environments containing US Only work stations/monitor screens where Foreign Nationals are present.

4. STIG ID: IS-08.01.02. This requirement concerns maintaining control of Common Access Cards (CACs) and SIPRNet tokens, and locking computer work stations/monitor screens when unattended by removing CACs or SIPRNet tokens or by using Ctrl/Alt/Del. This requirement includes environments containing US Only work stations/monitor screens where Foreign Nationals are present.

Target Key

2506
