STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020: STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:SV-41502r3_rule
V-31263
Foreign National (FN) Administrative Controls - Procedures Training
FN-05.02.01
CAT II
10
BACKGROUND: US employees must clearly understand the differences and limitations between REL Officers, other NATO partners, Non-NATO partners and Coalition Partners.
In a mixed US/FN partner environment the US personnel must know exactly what information can be shared and what cannot be shared or how to readily determine this information. For example the restrictions and cautions for partners from Belgium, Germany, France will be significantly greater relative to viewing anything on SIPRNet work stations versus the Australia, Canada, Great Britain partners.
REQUIREMENT: There must be written local procedures and initial/recurring (at least annual) employee training to ensure familiarization with the rules for sharing classified and sensitive information with our partners.
This topic must be included in the initial and annual site security awareness training.
Any one of the following three items will result in a finding:
1. Lack of written procedures,
2. Lack of training, or
3. Clear evidence employees are not familiar with the rules for information sharing.
Check to ensure that US employees clearly understand the differences and limitations between REL Officers, other NATO partners, Non-NATO partners and Coalition Partners. In a mixed US/FN partner environment the US personnel must know exactly what information can be shared and what cannot be shared or how to readily determine this information. For example the restrictions and cautions for partners from Belgium, Germany, France will be significantly greater relative to viewing anything on SIPRNet work stations versus the Australia, Canada, Great Britain partners. This can only be done if there are written local procedures and initial/recurring (at least annual) employee training to ensure familiarization with the rules for sharing classified and sensitive information with our partners.
It is recommended that employees sign an acknowledgement that they understand their responsibilities for sharing information, but this is not to be required.
This particular check should be validated by specifically checking for written procedures and training records.
This subject can be included in the initial and annual site security awareness training but must be clearly detailed as having been properly completed.
The effectiveness of the program can be validated by conducting random employee interviews concerning their understanding of rules covering sharing classified and sensitive information with FN partners assigned to or visiting their organization/site.
Any one of the following three items: Lack of written procedures, lack of training, or evidence employees are not familiar with the rules for information sharing will result in a finding.
TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed in a tactical environment with access to US Systems
V-31263
False
FN-05.02.01
Check to ensure that US employees clearly understand the differences and limitations between REL Officers, other NATO partners, Non-NATO partners and Coalition Partners. In a mixed US/FN partner environment the US personnel must know exactly what information can be shared and what cannot be shared or how to readily determine this information. For example the restrictions and cautions for partners from Belgium, Germany, France will be significantly greater relative to viewing anything on SIPRNet work stations versus the Australia, Canada, Great Britain partners. This can only be done if there are written local procedures and initial/recurring (at least annual) employee training to ensure familiarization with the rules for sharing classified and sensitive information with our partners.
It is recommended that employees sign an acknowledgement that they understand their responsibilities for sharing information, but this is not to be required.
This particular check should be validated by specifically checking for written procedures and training records.
This subject can be included in the initial and annual site security awareness training but must be clearly detailed as having been properly completed.
The effectiveness of the program can be validated by conducting random employee interviews concerning their understanding of rules covering sharing classified and sensitive information with FN partners assigned to or visiting their organization/site.
Any one of the following three items: Lack of written procedures, lack of training, or evidence employees are not familiar with the rules for information sharing will result in a finding.
TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed in a tactical environment with access to US Systems
M
2506