STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Information Security (INFOSEC) - Secure Room Storage Standards - Interior Motion Detection

DISA Rule

SV-41543r3_rule

Vulnerability Number

V-31276

Group Title

Information Security (INFOSEC) - Secure Room Storage Standards - Interior Motion Detection

Rule Version

IS-02.01.09

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Compliance with the following two considerations is required where an IDS is used in lieu of 4-hour random checks, for secure rooms or collateral classified open storage areas containing SIPRNet assets:

1. Where IDS is being used BUT there is NO RISK ASSESSMENT approved by the Component Authorizing Official (AO) and/or a SECURITY-IN-DEPTH DETERMINATION *IN WRITING by the CC/S/A Senior Agency Official (SAO) (Security/INFOSEC) that specifically addresses the secure room or open storage space OR the risk assessment does not specifically provide for a detailed evaluation of the need for motion sensor employment, including a thorough assessment of the most effective and efficient methods for employment of motion detection:

Secure rooms or areas where classified SIPRNet equipment and/or associated media is stored in the open must be protected with interior motion detection sensors; e.g., ultrasonic and passive infrared when the specific area containing the classified material is closed or not under continuous observation and control of a cleared employee.

Use of dual technology is authorized when one technology transmits an alarm condition independently from the other technology. A failed detector shall cause an immediate and continuous alarm condition.

Employment of motion detectors need not cover 100% of the entire secure room space (although that is recommended) but shall minimally (directly) cover any SIPRNet assets (equipment or media) that are accessible (not stored within a GSA approved container (safe)) within the secure room or area.

2. At a minimum all SIPRNet connected equipment must be directly covered by motion sensors OR motion sensors must be employed in the secure room space as "specifically detailed" in the risk assessment, which is approved by the Component Authorizing Official (AO).

Unless adequately detailed in the risk assessment, motion detectors placed to cover only doors that are protected with BMS alarm contacts are not sufficient to meet this requirement/check.

Check Contents

The following applies where IDS is used in lieu of 4-hour random checks, for secure rooms or collateral classified open storage areas containing SIPRNet assets:

Checks:
1. Check at sites where IDS is being used and:

- There is NO RISK ASSESSMENT approved by the Component Authorizing Official (AO) or

- The risk assessment does not specifically provide a detailed evaluation of the need for motion sensor employment, including a thorough assessment of the most effective and efficient methods for employment of motion detection and/or

- There is NO SECURITY-IN-DEPTH DETERMINATION *IN WRITING by the CC/S/A Senior Agency Official (SAO)(Security/INFOSEC) that considers factors contained in the risk assessment and specifically focuses on the collateral classified secure room/open storage space:

Check to ensure that secure rooms or areas where classified SIPRNet equipment and/or associated media is stored in the open is protected with interior motion detection sensors; e.g., ultrasonic and passive infrared, during times when the specific area containing the classified material is closed or not under continuous observation and control by a cleared employee.

Use of dual technology sensors is authorized when one technology transmits an alarm condition independently from the other technology. A failed detector shall cause an immediate and continuous alarm condition.

Employment of motion detectors need not cover 100% of the entire secure room space (although that is recommended) but shall minimally (directly) cover any SIPRNet assets (equipment or media) that are accessible (not stored within a GSA approved container (safe)) within the secure room or area.

2. Where a proper risk assessment signed by the AO, which specifically considers both the number and employment (positioning) of motion sensors in the secure room space and a supporting Security-in-Depth Determination signed by the SAO are both available:

Check that motion sensors are either employed to directly cover all areas within the secure room containing SIPRNet assets OR that motion sensors are employed in the secure room space as specifically detailed in the risk assessment.

NOTE: Unless adequately detailed and justified in the risk assessment, motion detectors placed to cover only doors that are protected with BMS alarm contacts are not sufficient to meet this requirement/check.

TACTICAL ENVIRONMENT: This check is applicable where Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Vulnerability Number

V-31276

Documentable

False

Rule Version

IS-02.01.09

Severity Override Guidance

The following applies where IDS is used in lieu of 4-hour random checks, for secure rooms or collateral classified open storage areas containing SIPRNet assets:

Checks:
1. Check at sites where IDS is being used and:

- There is NO RISK ASSESSMENT approved by the Component Authorizing Official (AO) or

- The risk assessment does not specifically provide a detailed evaluation of the need for motion sensor employment, including a thorough assessment of the most effective and efficient methods for employment of motion detection and/or

- There is NO SECURITY-IN-DEPTH DETERMINATION *IN WRITING by the CC/S/A Senior Agency Official (SAO)(Security/INFOSEC) that considers factors contained in the risk assessment and specifically focuses on the collateral classified secure room/open storage space:

Check to ensure that secure rooms or areas where classified SIPRNet equipment and/or associated media is stored in the open is protected with interior motion detection sensors; e.g., ultrasonic and passive infrared, during times when the specific area containing the classified material is closed or not under continuous observation and control by a cleared employee.

Use of dual technology sensors is authorized when one technology transmits an alarm condition independently from the other technology. A failed detector shall cause an immediate and continuous alarm condition.

Employment of motion detectors need not cover 100% of the entire secure room space (although that is recommended) but shall minimally (directly) cover any SIPRNet assets (equipment or media) that are accessible (not stored within a GSA approved container (safe)) within the secure room or area.

2. Where a proper risk assessment signed by the AO, which specifically considers both the number and employment (positioning) of motion sensors in the secure room space and a supporting Security-in-Depth Determination signed by the SAO are both available:

Check that motion sensors are either employed to directly cover all areas within the secure room containing SIPRNet assets OR that motion sensors are employed in the secure room space as specifically detailed in the risk assessment.

NOTE: Unless adequately detailed and justified in the risk assessment, motion detectors placed to cover only doors that are protected with BMS alarm contacts are not sufficient to meet this requirement/check.

TACTICAL ENVIRONMENT: This check is applicable where Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Check Content Reference

M

Potential Impact

This particular requirement/check for motion detection (IS-02.01.09) can only be used when the IDS requirement (IS-02.01.07) is the supplemental control selected for secure rooms or collateral classified open storage areas areas containing classified SIPRNet assets. It is not applicable (NA) if the requirement for 4-hour random checks (IS-02.01.10) is used in lieu of IS-02.01.07.

Target Key

2506

Comments