STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Handling of Classified Documents, Media, Equipment - Written Procedures and Training for when classified material/equipment is removed from a security container and/or secure room.

DISA Rule

SV-42287r3_rule

Vulnerability Number

V-31988

Group Title

Handling of Classified Documents, Media, Equipment - Written Procedures and Training

Rule Version

IS-07.03.01

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

There must be written procedures for handling classified material/equipment when removed from approved storage (security container and/or secure room, vault, collateral classified open storage area or SCIF).

The procedures must be readily available to each employee via electronic means, such as in space on an organizational intranet, shared folders or other means available

Training logs (initial and annual refresher) must reflect that all employees granted access to classified are briefed on proper handling procedures e.g., use of cover sheets, maintaining positive control of the material, marking/labeling, access by vendors, determining clearance and need-to-know before release, reproduction, etc.

Check Contents

1. Check there are written procedures for handling classified material/equipment when removed from a security container and/or secure room. These procedures must thoroughly cover all aspects of protection and storage of classified materials and be made readily available to each employee via electronic means, such as in space on an organizational intranet, shared folders or other means available. (CAT III)

2. Check training logs (initial and annual refresher) that all employees granted access to classified are briefed on proper handling procedures e.g., use of cover sheets, maintaining positive control of the material, marking/labeling, access by vendors, determining clearance and need-to-know before release, reproduction, etc. (CAT III)

TACTICAL ENVIRONMENT: The check is applicable for fixed tactical classified processing environments. Not applicable to a field/mobile environment.

Vulnerability Number

V-31988

Documentable

False

Rule Version

IS-07.03.01

Severity Override Guidance

1. Check there are written procedures for handling classified material/equipment when removed from a security container and/or secure room. These procedures must thoroughly cover all aspects of protection and storage of classified materials and be made readily available to each employee via electronic means, such as in space on an organizational intranet, shared folders or other means available. (CAT III)

2. Check training logs (initial and annual refresher) that all employees granted access to classified are briefed on proper handling procedures e.g., use of cover sheets, maintaining positive control of the material, marking/labeling, access by vendors, determining clearance and need-to-know before release, reproduction, etc. (CAT III)

TACTICAL ENVIRONMENT: The check is applicable for fixed tactical classified processing environments. Not applicable to a field/mobile environment.

Check Content Reference

M

Target Key

2506

Comments