STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020

Controlled Unclassified Information - Transmission by either Physical or Electronic Means

DISA Rule

SV-42581r3_rule

Vulnerability Number

V-32264

Group Title

Controlled Unclassified Information - Transmission

Rule Version

IS-16.02.05

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

General Information:

Standards for transmission for most types of CUI are the same as for FOUO, but some variance does exist. Therefore, specific requirements for certain CUI may need to be checked against applicable references to ensure proper means for transmission are used.

For most CUI, and for FOUO specifically, ensure the following standards are met:

1. FOUO information and material may be transmitted via first class mail, parcel post, or, for bulk shipments, via fourth class mail.

2. Electronic transmission of FOUO information, e.g., e-mail, shall be by approved secure communications systems or systems utilizing other protective measures such as Public Key Infrastructure (PKI) or Transport Layer Security (e.g., HTTPS).

3. Use of wireless telephones (cell phones, wireless handheld phones, Bluetooth, etc.) should be avoided when other options are available.

4. Transmission of FOUO by facsimile machine (fax) is permitted; the sender is responsible for determining that appropriate protection will be available at the receiving location prior to transmission (e.g., machine attended by a person authorized to receive FOUO; fax located in a controlled government environment).

Check Contents

General Information:

Standards for transmission for most types of CUI are the same as for FOUO, but some variance does exist. Therefore, specific requirements for certain CUI may need to be checked against applicable references to ensure proper means for transmission are used.

For most CUI, and for FOUO specifically, check to ensure the following standards are met:

1. FOUO information and material may be transmitted via first class mail, parcel post, or, for bulk shipments, via fourth class mail.

2. Electronic transmission of FOUO information, e.g., e-mail, shall be by approved secure communications systems or systems utilizing other protective measures such as Public Key Infrastructure (PKI) or Transport Layer Security (e.g., HTTPS).

3. Use of wireless telephones (cell phones, wireless handheld phones, Bluetooth, etc.) should be avoided when other options are available.

4. Transmission of FOUO by facsimile machine (fax) is permitted; the sender is responsible for determining that appropriate protection will be available at the receiving location prior to transmission (e.g., machine attended by a person authorized to receive FOUO; fax located in a controlled government environment).

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.

Documentable

False

Severity Override Guidance

General Information:

Standards for transmission for most types of CUI are the same as for FOUO, but some variance does exist. Therefore, specific requirements for certain CUI may need to be checked against applicable references to ensure proper means for transmission are used.

For most CUI, and for FOUO specifically, check to ensure the following standards are met:

1. FOUO information and material may be transmitted via first class mail, parcel post, or, for bulk shipments, via fourth class mail.

2. Electronic transmission of FOUO information, e.g., e-mail, shall be by approved secure communications systems or systems utilizing other protective measures such as Public Key Infrastructure (PKI) or Transport Layer Security (e.g., HTTPS).

3. Use of wireless telephones (cell phones, wireless handheld phones, Bluetooth, etc.) should be avoided when other options are available.

4. Transmission of FOUO by facsimile machine (fax) is permitted; the sender is responsible for determining that appropriate protection will be available at the receiving location prior to transmission (e.g., machine attended by a person authorized to receive FOUO; fax located in a controlled government environment).

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.

Check Content Reference

M

Target Key

2506
