STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020: STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:SV-42819r3_rule
V-32482
Physical Security Program - Physical Security Plan
PH-01.03.01
CAT III
10
1. Ensure there is a Physical Security Plan (PSP), either an organizational/site AND/OR an installation security plan in which granular security concerns and procedures at the site are addressed and considered.
NOTE 1: If a higher level installation or base plan is used ensure that it specifically addresses security concerns/procedures for the inspected organization or site. Ideally, a local site or organization should always be included in the host installation security plan. If not, then a separately developed local (site/organization) Physical Security Plan (and/or Systems Security Plan (SSP)) is required, which integrates local security procedures for the site with the security-in-depth (SID) measures detailed in the host installation PSP. The installation level PSP will likely not address granular security concerns for computer rooms and areas hosting information systems assets at individual installation sites. Therefore the local organization(s) should still document specific protection measures covering SIPRNet and/or NIPRNet assets in a local PSP or in an SSP.
2. Ensure security requirements of the computer room(s) (SIPRNet and/or NIPRNet) and collateral classified open storage areas (as applicable) are addressed and that guidance is provided to counter threats during peacetime, transition to war, and in wartime.
3. Ensure the plan also addresses entry/access control procedures for the facility overall and for individual computer rooms/secure rooms or other areas housing network equipment (routers/crypto/switches, etc.). Use of an AECS, guards, lock & key systems, cipher locks, etc. should be specifically and thoroughly addressed in the plan.
4. Ensure that access control procedures cover requirements for various categories of persons expected to access the facility such as employees, visitors, vendors, facility maintenance, and foreign nationals.
NOTE 2: To be complete the plan should specifically address access control of vendors (i.e.,vending machine deliveries), cleaning and food service personnel, cleared versus uncleared visitors, foreign national (FN) visitors, FN employees (OCONUS SOFA, liaison, exchange and REL partners).
5. Finally, ensure the plan addresses security measures and response (Emergency Planning Measures) to include application of Force Protection Conditions, anti-terrorism planning and measures, civil disturbances, natural disasters, crime and any other possible local disruptions of the mission. A thorough plan will include measures designed to detect, delay, assess and respond to intrusions and other emergency situations.
1. Check to ensure there is a Physical Security Plan (PSP), either an organizational/site AND/OR an installation security plan in which granular security concerns and procedures at the site are addressed and considered.
NOTE 1: If a higher level installation or base plan is used ensure that it specifically addresses security concerns/procedures for the inspected organization or site. Ideally, a local site or organization should always be included in the host installation security plan. If not, then a separately developed local (site/organization) Physical Security Plan (and/or Systems Security Plan (SSP)) is required, which integrates local security procedures for the site with the security-in-depth (SID) measures detailed in the host installation PSP. The installation level PSP will likely not address granular security concerns for computer rooms and areas hosting information systems assets at individual installation sites. Therefore the local organization(s) should still document specific protection measures covering SIPRNet and/or NIPRNet assets in a local PSP or in an SSP.
2. Check to ensure security requirements of the computer room(s) (SIPRNet and/or NIPRNet) and collateral classified open storage areas (as applicable) are addressed and that guidance is provided to counter threats during peacetime, transition to war, and in wartime.
3. Check to ensure the plan also addresses entry/access control procedures for the facility overall and for individual computer rooms/secure rooms or other areas housing network equipment (routers/crypto/switches, etc.). Use of an AECS, guards, lock & key systems, cipher locks, etc. should be specifically and thoroughly addressed in the plan.
4. Check to ensure that access control procedures cover requirements for various categories of persons expected to access the facility such as employees, visitors, vendors, facility maintenance, and foreign nationals.
NOTE 2: To be complete the plan should specifically address access control of vendors (ie., vending machine deliveries), cleaning and food service personnel, cleared versus uncleared visitors, foreign national (FN) visitors, FN employees (OCONUS SOFA, liaison, exchange and REL partners).
5. Finally check to ensure the plan addresses security measures and response (Emergency Planning Measures) to include application of Force Protection Conditions, anti-terrorism planning and measures, civil disturbances, natural disasters, crime and any other possible local disruptions of the mission. A thorough plan will include measures designed to detect, delay, assess and respond to intrusions and other emergency situations.
NOTE 3: If the plan or any of the critical elements of the plan (everything mentioned here) applicable to the specific site are missing - a finding should be written.
TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments where procedural documents (SOPs) should be in place. Not applicable to a field/mobile environment.
V-32482
False
PH-01.03.01
1. Check to ensure there is a Physical Security Plan (PSP), either an organizational/site AND/OR an installation security plan in which granular security concerns and procedures at the site are addressed and considered.
NOTE 1: If a higher level installation or base plan is used ensure that it specifically addresses security concerns/procedures for the inspected organization or site. Ideally, a local site or organization should always be included in the host installation security plan. If not, then a separately developed local (site/organization) Physical Security Plan (and/or Systems Security Plan (SSP)) is required, which integrates local security procedures for the site with the security-in-depth (SID) measures detailed in the host installation PSP. The installation level PSP will likely not address granular security concerns for computer rooms and areas hosting information systems assets at individual installation sites. Therefore the local organization(s) should still document specific protection measures covering SIPRNet and/or NIPRNet assets in a local PSP or in an SSP.
2. Check to ensure security requirements of the computer room(s) (SIPRNet and/or NIPRNet) and collateral classified open storage areas (as applicable) are addressed and that guidance is provided to counter threats during peacetime, transition to war, and in wartime.
3. Check to ensure the plan also addresses entry/access control procedures for the facility overall and for individual computer rooms/secure rooms or other areas housing network equipment (routers/crypto/switches, etc.). Use of an AECS, guards, lock & key systems, cipher locks, etc. should be specifically and thoroughly addressed in the plan.
4. Check to ensure that access control procedures cover requirements for various categories of persons expected to access the facility such as employees, visitors, vendors, facility maintenance, and foreign nationals.
NOTE 2: To be complete the plan should specifically address access control of vendors (ie., vending machine deliveries), cleaning and food service personnel, cleared versus uncleared visitors, foreign national (FN) visitors, FN employees (OCONUS SOFA, liaison, exchange and REL partners).
5. Finally check to ensure the plan addresses security measures and response (Emergency Planning Measures) to include application of Force Protection Conditions, anti-terrorism planning and measures, civil disturbances, natural disasters, crime and any other possible local disruptions of the mission. A thorough plan will include measures designed to detect, delay, assess and respond to intrusions and other emergency situations.
NOTE 3: If the plan or any of the critical elements of the plan (everything mentioned here) applicable to the specific site are missing - a finding should be written.
TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments where procedural documents (SOPs) should be in place. Not applicable to a field/mobile environment.
M
2506