STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Information Assurance - COOP Plan or Testing (Incomplete)

DISA Rule

SV-41051r3_rule

Vulnerability Number

V-31004

Group Title

Information Assurance - COOP Plan or Testing (Incomplete)

Rule Version

IA-02.03.01

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

ALL systems connected to the DoDIN must be included in the enclave COOP documentation and testing. If it is determined that some (a portion of the systems on site) of the site/organization systems connected to the DoDIN do not need to be included in the COOP (plan and/or testing) then the risk for this must specifically be accepted by the AO in a holistic risk assessment document.

Check Contents

This check is for when a reviewer finds that a COOP process is well established within the inspected organization, but it does not include a minority of systems, requirements, or testing of all systems, for which the risk of having no COOP or testing was not accepted by the Authorizing official (AO) in a holistic risk assessment for the organization.

NOTES:

1. This finding/VUL is only applicable when some of the site/organization systems are connected to the DoDIN and do not have a COOP and/or the COOP is not tested and the risk for not having a COOP and/or documented testing is not accepted by the AO in a holistic risk assessment document.

2. If this finding/VUL is used then VUL V0030997 is NA.

3. This VUL is applicable in a tactical environment if it involves a fixed facility as previously described.

Vulnerability Number

V-31004

Documentable

False

Rule Version

IA-02.03.01

Severity Override Guidance

This check is for when a reviewer finds that a COOP process is well established within the inspected organization, but it does not include a minority of systems, requirements, or testing of all systems, for which the risk of having no COOP or testing was not accepted by the Authorizing official (AO) in a holistic risk assessment for the organization.

NOTES:

1. This finding/VUL is only applicable when some of the site/organization systems are connected to the DoDIN and do not have a COOP and/or the COOP is not tested and the risk for not having a COOP and/or documented testing is not accepted by the AO in a holistic risk assessment document.

2. If this finding/VUL is used then VUL V0030997 is NA.

3. This VUL is applicable in a tactical environment if it involves a fixed facility as previously described.

Check Content Reference

M

Target Key

2506

Comments