STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

COMSEC Account Management - Equipment and Key Storage

DISA Rule

SV-40855r3_rule

Vulnerability Number

V-30837

Group Title

COMSEC Account Management - Equipment and Key Storage

Rule Version

CS-01.01.01

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

COMSEC material must be stored in a GSA approved container such as safe, vault, or secure room IAW (NSA/CSS Policy Manual 3-16, Section XI, paragraph 89). Specific standards are:
1. Keyed crypto equipment must be housed within a proper GSA safe, vault or secure room.
2. If crypto equipment is not housed within a proper GSA safe, vault or secure room the Crypto Encryption Key must be removed and stored in a GSA approved safe or in a separate room from the crypto equipment when the equipment is not under the continuous observation and control of a properly cleared person.
3. Information Processing System (IPS) containers (safes) may be used to securely store and operate keyed equipment.
4. If unclassified crypto equipment is not operated in a safe, vault or secure room it must minimally be maintained within an approved Secret or higher Controlled Access Area (CAA) and further secured in a locked room (equipment closet) or equipment rack suitable for control of sensitive equipment to ensure only system administrator and COMSEC personnel have access to the equipment.
5. NOTES: This requirement applies to a tactical environment. Unless under continuous observation and control, Crypto Equipment Key must be removed and maintained separately from the encryption device - unless it is operated in a proper safe, vault or secure room. Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DoDIN assets. COMSEC items not used with DoDIN assets should not be inspected. Specifically, only COMSEC items associated with the CCSDs being inspected are to be included in this check.

Check Contents

Ask the COMSEC Custodian, COMSEC Responsible Officer (CRO), Security Manager or ISSM how COMSEC equipment and materials are transported, handled and stored. Physically check that crypto equipment, keys, and keyed crypto are handled and stored properly. Reviewers must annotate specific types of crypto devices observed in the finding details or comments, (e.g. TACLANE, KIV 7, etc.)

Vulnerability Number

V-30837

Documentable

False

Rule Version

CS-01.01.01

Severity Override Guidance

Ask the COMSEC Custodian, COMSEC Responsible Officer (CRO), Security Manager or ISSM how COMSEC equipment and materials are transported, handled and stored. Physically check that crypto equipment, keys, and keyed crypto are handled and stored properly. Reviewers must annotate specific types of crypto devices observed in the finding details or comments, (e.g. TACLANE, KIV 7, etc.)

Check Content Reference

M

Target Key

2506

Comments