Title

DSN systems are not registered in the DISA VMS (Cat III impact)

Discussion

Requirement: The IAO will ensure that all DISA owned and operated DSN critical assets are registered with the DISA/DoD VMS as follows: - All backbone switches (TSs, STPs, MFSs) - All other switches (EOs, SMEOs, PBX1s, PBX2s and RSUs) owned by DISA - All components of the ADIMSS - All components of auxiliary/adjunct or peripheral systems owned by DISA - All TSs or MFSs owned and operated by DOD components Exception: This requirement is not applicable to systems owned, operated, and maintained by DOD components other than DISA such as EOs, SMEOs, PBX1s, PBX2s and RSUs or their OAM&P and auxiliary/adjunct or peripheral systems. See DSN02.02 below.The DISA/DoD VMS in conjunction with JTF-GNO sends out notifications on vulnerabilities (IAVMs) as they are discovered in commercial and military information infrastructures. If DSN assets and their SAs are not registered with the DISA/DoD VMS,, administrators will not be notified of important vulnerabilities such as viruses, denial of service attacks, system weaknesses, back doors and other potentially harmful situations.

Check Content

Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text

Comply with policy. Register all assets and their SAs in the DISA/DoD VMS that are required to be registered.

Additional Identifiers

Rule ID: SV-8410r1_rule

Vulnerability ID: V-7924

Group Title: DSN systems are not registered in the DISA VMS

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.