Title

Site personnel have not received the proper security training and/or are not familiar with the documents located in the security library. (Cat II impact)

Discussion

Requirement: The IAO will ensure that personnel are familiar with the security practices outlined by applicable documents found in the site’s library and have received the appropriate security training.A personnel security program, combined with other protective measures, make up a security plan to keep DSN assets safe from intrusion or other types of disruptions. The DSN Security Guide describes the personnel security requirements for various types of individuals. To be effective, any security plan requires some type of familiarization and training for its users and participants.

Check Content

Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text

The ISSO/IAO will establish a security practices plan, as outlined in the DSN Security Guide, to ensure that personnel are familiar with the security practices outlined by applicable documents found in the site’s library and have received the appropriate security training.

Additional Identifiers

Rule ID: SV-8466r1_rule

Vulnerability ID: V-7980

Group Title: Site personnel not properly security trained

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.