STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Vault/Secure Room Storage Standards - Automated Entry Control System (AECS) Records Maintenance, which includes documented procedures for granting and removal of access.

DISA Rule

SV-41831r3_rule

Vulnerability Number

V-31548

Group Title

Vault/Secure Room Storage Standards - Automated Entry Control System (AECS) Records Maintenance

Rule Version

IS-02.02.08

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Ensure there is a documented procedure for removal of persons from the Automated Entry Control System.

2. Ensure that records reflecting active assignment of ID badge/card, PIN, level of access, and similar system-related records are accurately maintained.

3. Ensure that records concerning personnel removed from the system are retained for a minimum of 90 days.

Check Contents

Requirements Summary:

A procedure must be established for removal of an individual's authorization to enter the secure room area upon reassignment, transfer, or termination, or when the individual's access is suspended, revoked, or downgraded to a level lower than the former access level. Records shall also be accurately maintained reflecting active assignment of ID badge/card, PIN, level of access, and similar system-related records. Records concerning personnel removed from the system shall be retained for a minimum of 90 days.

CHECKS:

Check #1. Check to ensure that records reflecting active assignment of ID badge/card, PIN, level of access, and similar system-related records are accurately maintained. (CAT II)

Check #2. Check to ensure there is a documented procedure for removal of persons from the Automated Entry Control System. (CAT III)

Check #3. Check to ensure that records concerning personnel removed from the system are retained for a minimum of 90 days. (CAT III)

TACTICAL ENVIRONMENT: This check is applicable where Vaults/Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Vulnerability Number

V-31548

Documentable

False

Rule Version

IS-02.02.08

Severity Override Guidance

Requirements Summary:

A procedure must be established for removal of an individual's authorization to enter the secure room area upon reassignment, transfer, or termination, or when the individual's access is suspended, revoked, or downgraded to a level lower than the former access level. Records shall also be accurately maintained reflecting active assignment of ID badge/card, PIN, level of access, and similar system-related records. Records concerning personnel removed from the system shall be retained for a minimum of 90 days.

CHECKS:

Check #1. Check to ensure that records reflecting active assignment of ID badge/card, PIN, level of access, and similar system-related records are accurately maintained. (CAT II)

Check #2. Check to ensure there is a documented procedure for removal of persons from the Automated Entry Control System. (CAT III)

Check #3. Check to ensure that records concerning personnel removed from the system are retained for a minimum of 90 days. (CAT III)

TACTICAL ENVIRONMENT: This check is applicable where Vaults/Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Check Content Reference

M

Target Key

2506

Comments