SV-41023r3_rule
V-30979
PDS Monitoring - Reporting Incidents
CS-06.02.02
CAT II
10
1. A procedure must be written that covers how to handle all possible types of potential PDS incidents.
2. ALL incidents of suspected or actual tampering, penetration, or unauthorized interception must be reported immediately to the PDS Approving Authority and the local security/law enforcement authority.
3. Subject to law enforcement procedures, which take precedence, the PDS must not be used until the incident is assessed and its security status determined.
4. If discontinued use of the PDS is or was not practical, all users of impacted PDS must be notified of the possible breach in security and instructed that use of systems running on the PDS be limited to the greatest extent possible.
5. All discoveries must be documented and such documentation retained indefinitely, for as long as the PDS remains functional.
1. Check to ensure there are procedures written that cover how to handle all possible types of potential PDS incidents.
2. Check daily and technical inspection results (logs) for evidence of discovered PDS anomalies.
3. Ensure any incidents of tampering, penetration, or unauthorized interception were reported immediately to the PDS Approving Authority and the local security/law enforcement authority.
4. Subject to law enforcement procedures, which take precedence, check to ensure the PDS was not used until the incident was assessed and its security status determined.
5. If discontinued use of the PDS is or was not practical, check to ensure users of all impacted PDS were notified of the possible breach in security, and instructed that use of systems running on the PDS be limited to the greatest extent possible.
6. Discovery of an anomaly in the PDS that is not properly reported and resolved is a finding. All discoveries must be documented and such documentation retained indefinitely, for as long as the PDS remains functional.
NOTES:
1. This check is applicable to tactical environments. Incidents of possible tampering must be reported to the PDS approving authority in as expeditious a manner as possible.
2. Even if there is no finding, in the reviewer notes provide a brief note of any reported incidents or anomalies previously noted by the site, including the date it was initially noted.
False
M
2506