STIGQter: STIG Summary: Traditional Security Checklist, Version: 1, Release: 3, Benchmark Date: 15 Jun 2020

Marking Classified - Equipment, Documents or Media: In a classified operating environment, all unclassified items must be marked in addition to all classified items.

DISA Rule

SV-42207r3_rule

Vulnerability Number

V-31910

Group Title

Marking Classified - Equipment, Documents or Media

Rule Version

IS-03.02.01

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure ALL equipment/media/documents in the areas housing SIPRNet assets contain proper classification markings. In a classified operating environment, all unclassified items must be marked in addition to all classified items. For instance: In areas where any classified equipment such as servers, client workstations, printers, routers, crypto, etc. are being used - all classified equipment, media and documents must be properly marked with classification levels and handling caveats - AND ALL UNCLASSIFIED equipment (servers, client workstations, printers, routers, crypto, etc.), media and documents must also be properly marked as unclassified and with handling caveats such as FOUO, when appropriate. This total marking of all assets in a classified environment eliminates the assumption that anything not marked is unclassified. Hence, all equipment, media and documents within SCIFs, Vaults, Secure Rooms and classified Controlled Access Areas (CAA) must be marked with classification levels and handling caveats.

SPECIAL NOTE FOR MONITORS: Monitors connected to SIPRNet/NIPRNet are inert items of equipment in that they do not store/retain classified data. Typically, in a mixed classified/unclassified environment it is appropriate to physically label a monitor classification based on the system to which it is connected.

If a classification banner is displayed on an active monitor screen then the physical monitor is not required to have a SF 710 (unclassified) or SF 707 (secret) sticker. Regardless, there is no prohibition against also using the SF labels as an additional identifier but it is not required.

Typically, most monitor screens connected to the DISN do have classification banners displayed - so placement of SF stickers on monitors is practically a non-issue.

Also, consider that many workstations are using KVM switches to share monitor screens between NIPRNet and SIPRNet. Hence, the single monitor will be unclassified or classified depending on the network it is connected to at a particular moment, making placement of physical classification labels impractical.

Check Contents

Check to ensure ALL equipment/media/documents in the areas housing SIPRNet assets contain proper classification markings.

In a classified operating environment, all unclassified items must be marked in addition to all classified items. For instance: In areas where any classified equipment such as servers, client workstations, printers, routers, crypto, etc. are being used - all classified equipment, media and documents must be properly marked with classification levels and handling caveats - AND ALL UNCLASSIFIED equipment (servers, client workstations, printers, routers, crypto, etc.), media and documents must also be properly marked as unclassified and with handling caveats such as FOUO, when appropriate. This total marking of all assets in a classified environment eliminates the assumption that anything not marked is unclassified. Hence, all equipment, media and documents within SCIFs, Vaults, Secure Rooms and classified Controlled Access Areas (CAA) must be marked with classification levels and handling caveats.

SPECIAL NOTE FOR MONITORS: Monitors connected to SIPRNet/NIPRNet are inert items of equipment in that they do not store/retain classified data. Typically, in a mixed classified/unclassified environment it is appropriate to physically label a monitor classification based on the system to which it is connected.

If a classification banner is displayed on an active monitor screen then the physical monitor is not required to have a SF 710 (unclassified) or SF 707 (secret) sticker. Regardless, there is no prohibition against also using the SF labels as an additional identifier but it is not required.

Typically, most monitor screens connected to the DISN do have classification banners displayed - so placement of SF stickers on monitors is practically a non-issue.

Also, consider that many workstations are using KVM switches to share monitor screens between NIPRNet and SIPRNet. Hence, the single monitor will be unclassified or classified depending on the network it is connected to at a particular moment, making placement of physical classification labels impractical.

TACTICAL ENVIRONMENT: This check is applicable in a tactical environment if classified documents or media are created/extracted from the SIPRNet. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used. All deployed SIPRNet equipment should already contain applicable classification markings/labels.

Vulnerability Number

V-31910

Documentable

False

Rule Version

IS-03.02.01

Severity Override Guidance

Check to ensure ALL equipment/media/documents in the areas housing SIPRNet assets contain proper classification markings.

In a classified operating environment, all unclassified items must be marked in addition to all classified items. For instance: In areas where any classified equipment such as servers, client workstations, printers, routers, crypto, etc. are being used - all classified equipment, media and documents must be properly marked with classification levels and handling caveats - AND ALL UNCLASSIFIED equipment (servers, client workstations, printers, routers, crypto, etc.), media and documents must also be properly marked as unclassified and with handling caveats such as FOUO, when appropriate. This total marking of all assets in a classified environment eliminates the assumption that anything not marked is unclassified. Hence, all equipment, media and documents within SCIFs, Vaults, Secure Rooms and classified Controlled Access Areas (CAA) must be marked with classification levels and handling caveats.

SPECIAL NOTE FOR MONITORS: Monitors connected to SIPRNet/NIPRNet are inert items of equipment in that they do not store/retain classified data. Typically, in a mixed classified/unclassified environment it is appropriate to physically label a monitor classification based on the system to which it is connected.

If a classification banner is displayed on an active monitor screen then the physical monitor is not required to have a SF 710 (unclassified) or SF 707 (secret) sticker. Regardless, there is no prohibition against also using the SF labels as an additional identifier but it is not required.

Typically, most monitor screens connected to the DISN do have classification banners displayed - so placement of SF stickers on monitors is practically a non-issue.

Also, consider that many workstations are using KVM switches to share monitor screens between NIPRNet and SIPRNet. Hence, the single monitor will be unclassified or classified depending on the network it is connected to at a particular moment, making placement of physical classification labels impractical.

TACTICAL ENVIRONMENT: This check is applicable in a tactical environment if classified documents or media are created/extracted from the SIPRNet. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used. All deployed SIPRNet equipment should already contain applicable classification markings/labels.

Check Content Reference

M

Target Key

2506
