STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Non-Disclosure Agreement - Standard Form 312: no person may have access to classified information unless that person has a security clearance in accordance with DoDM 5200.02 and has signed a Standard Form (SF) 312, Classified Information Non-Disclosure Agreement (NDA), and access is essential to the accomplishment of a lawful and authorized Government function (i.e., has a need to know).

DISA Rule

SV-42286r3_rule

Vulnerability Number

V-31987

Group Title

Non-Disclosure Agreement - Standard Form 312

Rule Version

IS-06.03.01

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

All assigned personnel granted access to classified information must have a signed Non-Disclosure Agreement (NDA) on record. The execution of an NDA must be annotated in the Joint Personnel Accountability System (JPAS) and a signed hard copy MAY also be available locally.

Personnel who transfer from other units or organizations will not necessarily have a signed hard copy NDA on file locally since they are only required to sign the NDA once,
but it MUST be reflected in JPAS.

If an NDA is not annotated in JPAS and a hard copy is not on hand locally, a new SF 312 must be executed and annotated in JPAS.

For individuals without an SF 312 or other approved NDA form on file (either hard copy or in JPAS), immediately remove access to classified information systems (ie, SIPRNet) pending proper execution of an NDA (SF 312) and annotation in JPAS.

Check Contents

The check is to review a sample of Personnel Security Records(minimum of 10% assigned military and civilian employees) to ensure SF 312s have been signed by persons granted access to classified information systems. The now outdated SF 189 or SF 189A, if found are still valid Non-Disclosure Agreements (NDA). The execution of an NDA should also be annotated in the Joint Personnel Accountability System (JPAS). If a paper copy is found but the form is not in JPAS OR if it is annotated in JPAS and a paper copy is not on-hand this is not a finding.

TACTICAL ENVIRONMENT: This check is applicable in a tactical environment. Anyone with access to classified information must have signed an NDA. Paper copies of the signed NDA will likely not be available in a tactical area of operations; however, system access to JPAS should be possible if the theater of operations has been well established.

Vulnerability Number

V-31987

Documentable

False

Rule Version

IS-06.03.01

Severity Override Guidance

The check is to review a sample of Personnel Security Records(minimum of 10% assigned military and civilian employees) to ensure SF 312s have been signed by persons granted access to classified information systems. The now outdated SF 189 or SF 189A, if found are still valid Non-Disclosure Agreements (NDA). The execution of an NDA should also be annotated in the Joint Personnel Accountability System (JPAS). If a paper copy is found but the form is not in JPAS OR if it is annotated in JPAS and a paper copy is not on-hand this is not a finding.

TACTICAL ENVIRONMENT: This check is applicable in a tactical environment. Anyone with access to classified information must have signed an NDA. Paper copies of the signed NDA will likely not be available in a tactical area of operations; however, system access to JPAS should be possible if the theater of operations has been well established.

Check Content Reference

M

Target Key

2506

Comments