Check: CS-01.03.01
Traditional Security Checklist:
CS-01.03.01
(in versions v2 r6 through v1 r3)
Title
COMSEC Account Management - Appointment of Responsible Person (Cat III impact)
Discussion
Lack of formal designation of an individual to be responsible for COMSEC items could result in mismanagement, loss or even compromise of COMSEC materials. Additionally, lack of formal vetting for a specific individual to be appointed for management of COMSEC material could result in a person (such as a non-US Citizen) having unauthorized access. REFERENCES: DoD Manual 5200.01, Volume 1, 24 February 2012, SUBJECT: DoD Information Security Program: Overview, Classification, and Declassification, Encl 3, paragraph 6.e. (3). DoD 5220.22-M (NISPOM), Section 4 DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), paragraphs 6.5.d., 7.16. e. & f. and 8.2.b. (3) NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: IA-1, PL-1, PS-1, PS-2, and SC-1 NSA/CSS Policy Manual 3-16, Sections III, VI, X and XI CNSS Policy No.1, NATIONAL POLICY FOR SAFEGUARDING AND CONTROL OF COMSEC MATERIALS
Check Content
Check there is a current COMSEC Custodian appointment letter or verify there is a Hand Receipt Holder for COMSEC key material received from a supporting account. NOTE: Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DoDIN assets. COMSEC accounts or items not used with DoDIN assets should not be inspected.
Fix Text
A person must be identified and appointed in writing to be either the COMSEC custodian or a COMSEC Hand Receipt Holder. Alternates must also be appointed in writing.
Additional Identifiers
Rule ID: SV-245723r822790_rule
Vulnerability ID: V-245723
Group Title: CS-01.03.01
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |