STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Classified Monitors/Displays (Procedures for Obscuration of Classified Monitors) - protection from uncleared persons or those without a need-to-know.

DISA Rule

SV-42291r3_rule

Vulnerability Number

V-31992

Group Title

Classified Monitors/Displays (Procedures for Obscuration of Classified Monitors)

Rule Version

IS-08.03.01

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Ensure there are written procedures for employees to follow to keep classified monitors from being viewed by unauthorized persons. Procedures should include when to cover or turn-off classified monitors - such as when visitors are announced, importance of maintaining monitor positioning for privacy, pulling of window shades, blinds, etc. Procedures must be tailored to the physical environment and mission operations of the organization.

Check Contents

Check to ensure there are written procedures for employees to follow to keep classified monitors from being viewed by unauthorized persons. Procedures should include when to cover or turn-off classified monitors - such as when visitors are announced, importance of maintaining monitor positioning for privacy, pulling of window shades, blinds, etc. Procedures must be tailored to the physical environment and mission operations of the organization.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.

Vulnerability Number

V-31992

Documentable

False

Rule Version

IS-08.03.01

Severity Override Guidance

Check to ensure there are written procedures for employees to follow to keep classified monitors from being viewed by unauthorized persons. Procedures should include when to cover or turn-off classified monitors - such as when visitors are announced, importance of maintaining monitor positioning for privacy, pulling of window shades, blinds, etc. Procedures must be tailored to the physical environment and mission operations of the organization.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.

Check Content Reference

M

Potential Impact

RELATED VULS (STIG ID):

1. STIG ID: FN-04.01.01. This requirement concerns two related concerns. First is control of physical access to areas containing US Only workstations/monitor screens, equipment, media or documents in working environments where Foreign Nationals are employed or present. Second, It also covers maintaining continuous observation and control of US Only classified information system removable storage media and documents within classified storage locations (such as SCIFs, secure rooms or vaults) where foreign nationals are present OR or placement in an approved safe.

2. STIG ID: IS-08.01.01. This requirement is specifically focused on checking physical controls in place to protect classified work stations (monitor screens/displays) from unauthorized viewing. This check does cover considerations for environments with US Only monitors and Foreign National (FN) presence but is not specific to only FN work environments. It is also applicable to ALL environments where classified work stations (monitor screens/displays) are being used and there is a possibility of unauthorized viewing of the monitor screens by uncleared persons or those without a need-to-know.

3. STIG ID: IS-08.01.02. This requirement concerns maintaining control of Common Access Cards (CACs), SIPRNet tokens AND locking of computer work stations/monitor screens when unattended by removal of CACs, SIPRNet tokens or using Ctrl/Alt/Del.

Target Key

2506

Comments