STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Information Security (INFOSEC) - Vault Storage/Construction Standards

DISA Rule

SV-41540r3_rule

Vulnerability Number

V-31273

Group Title

Information Security (INFOSEC) - Vault Storage/Construction Standards

Rule Version

IS-02.01.06

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Vaults containing inspectable SIPRNet assets must have documented confirmation from supporting Facility Engineers to ensure each is built to the following standards:

1. As a Class A vault (concrete poured-in-place) built to Federal Standard (FED STD) 832 and specifically check/validate the following:

a. Floor and Walls. Eight inches of reinforced concrete. Walls are to extend to the underside of the roof slab above.

b. Roof/True Ceiling. Monolithic reinforced-concrete slab of thickness to be determined by structural requirements, but not less than the floors and walls.

c. Class 5 Vault Door and Frame and be fitted with an FF-L-2740 combination lock. The vault door and frame unit must conform to Federal Specification AA-D-600 Class 5 vault door with lock meeting Federal Specification FF-L-2740. It cannot be an armory vault door, which should have a GSA label (silver with red letters) stating that it is a "GSA Approved Armory Vault Door". AN ARMORY DOOR IS NOT APPROVED FOR CLASSIFIED STORAGE - AA&E STORAGE ONLY. The "proper"security vault door label must read: "GSA Approved Security Vault Door" (label also silver with red letters). The difference between the two doors is that armory vault doors are fitted with Federal Specification FF-L-2937 mechanical combination locks.

2. As a Class B vault (GSA-approved modular vault) meeting Federal Specification AA-V-2737, Modular Vault Systems, April 25, 1990, with Amendment 2, October 30, 2006.

Facility Engineer (FE) construction certificates or other documentation must be available to ensure construction standards are met. Often these certificates are posted on the inside of the vault near the door, but can be on file elsewhere at the site.

Check Contents

For vaults containing inspectable SIPRNet assets check with supporting Facility Engineers to ensure it is properly constructed IAW one of the following two specifications:

1. As a Class A vault (concrete poured-in-place) built to Federal Standard (FED STD) 832 and specifically check/validate the following:

a. Floor and Walls. Eight inches of reinforced concrete. Walls are to extend to the underside of the roof slab above.

b. Roof/True Ceiling. Monolithic reinforced-concrete slab of thickness to be determined by structural requirements, but not less than the floors and walls.

c. "True" vaults must have a Class 5 Vault Door and Frame and be fitted with an FF-L-2740 combination lock. The vault door and frame unit must conform to Federal Specification AA-D-600 Class 5 vault door with lock meeting Federal Specification FF-L-2740. Ensure it is not an armory vault door, which should have a GSA label (silver with red letters) stating that it is a "GSA Approved Armory Vault Door". AN ARMORY DOOR IS NOT APPROVED FOR CLASSIFIED STORAGE - AA&E STORAGE ONLY. The "proper"security vault door label reads "GSA Approved Security Vault Door" (label also silver with red letters). The difference between the two doors is that armory vault doors are fitted with Federal Specification FF-L-2937 mechanical combination locks. Facility Engineer (FE) construction certificates or other documentation should be requested to ensure construction standards are met. Often these certificates are posted on the inside of the vault near the door.

2. As a Class B vault (GSA-approved modular vault) meeting Federal Specification AA-V-2737, Modular Vault Systems, April 25, 1990, with Amendment 2, October 30, 2006.

NOTE:
Here again, normally FE certification documentation will be posted within the vault, but it is OK if such documentation is on file elsewhere at the site.

The DoD Lock Program WEB Portal provides detailed specifications for vaults and ordering instructions for doors. Available through DoD Lock Program at the Documents, Federal Specifications tab for Federal Specifications or Documents, Directives and Guidance tab for Federal Standards and Military Handbooks:

https://locks.navfac.navy.mil

TACTICAL ENVIRONMENT: This check is applicable where vaults are used to protect classified materials or systems in a tactical environment.

Vulnerability Number

V-31273

Documentable

False

Rule Version

IS-02.01.06

Mitigations

INFOSEC-Vault Storage/Construction Standards

Severity Override Guidance

For vaults containing inspectable SIPRNet assets check with supporting Facility Engineers to ensure it is properly constructed IAW one of the following two specifications:

1. As a Class A vault (concrete poured-in-place) built to Federal Standard (FED STD) 832 and specifically check/validate the following:

a. Floor and Walls. Eight inches of reinforced concrete. Walls are to extend to the underside of the roof slab above.

b. Roof/True Ceiling. Monolithic reinforced-concrete slab of thickness to be determined by structural requirements, but not less than the floors and walls.

c. "True" vaults must have a Class 5 Vault Door and Frame and be fitted with an FF-L-2740 combination lock. The vault door and frame unit must conform to Federal Specification AA-D-600 Class 5 vault door with lock meeting Federal Specification FF-L-2740. Ensure it is not an armory vault door, which should have a GSA label (silver with red letters) stating that it is a "GSA Approved Armory Vault Door". AN ARMORY DOOR IS NOT APPROVED FOR CLASSIFIED STORAGE - AA&E STORAGE ONLY. The "proper"security vault door label reads "GSA Approved Security Vault Door" (label also silver with red letters). The difference between the two doors is that armory vault doors are fitted with Federal Specification FF-L-2937 mechanical combination locks. Facility Engineer (FE) construction certificates or other documentation should be requested to ensure construction standards are met. Often these certificates are posted on the inside of the vault near the door.

2. As a Class B vault (GSA-approved modular vault) meeting Federal Specification AA-V-2737, Modular Vault Systems, April 25, 1990, with Amendment 2, October 30, 2006.

NOTE:
Here again, normally FE certification documentation will be posted within the vault, but it is OK if such documentation is on file elsewhere at the site.

The DoD Lock Program WEB Portal provides detailed specifications for vaults and ordering instructions for doors. Available through DoD Lock Program at the Documents, Federal Specifications tab for Federal Specifications or Documents, Directives and Guidance tab for Federal Standards and Military Handbooks:

https://locks.navfac.navy.mil

TACTICAL ENVIRONMENT: This check is applicable where vaults are used to protect classified materials or systems in a tactical environment.

Check Content Reference

M

Mitigation Control

For Industry sites ONLY that are not located within the bounds of a DoD installation the standards for vault construction found in the NISPOM under Section 8, paragraph 5-802. Construction Required for Vaults - may be used.

Target Key

2506

Comments