Title

System Administrators (SAs) responsible for DSN information systems are not registered with the DISA VMS. (Cat III impact)

Discussion

Requirement: The IAO will ensure that all Switch and System Administrators (SAs) responsible for VMS registered DSN critical assets will also be registered with the VMS. This includes non DISA personnel responsible for TSs or MFSs owned and operated by DoD components Exception: This does not apply to SAs that are ONLY responsible for systems owned, operated, and maintained by DoD components other than DISA.The DISA/DoD VMS in conjunction with JTF-GNO sends out notifications on vulnerabilities (IAVMs) as they are discovered in commercial and military information infrastructures. If DSN assets and their SAs are not registered with the DISA/DoD VMS, administrators will not be notified of important vulnerabilities such as viruses, denial of service attacks, system weaknesses, back doors and other potentially harmful situations.

Check Content

Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text

Comply with policy. Register all assets and their SAs in the DISA/DoD VMS that are required to be registered.

Additional Identifiers

Rule ID: SV-8411r1_rule

Vulnerability ID: V-7925

Group Title: DSN SAs are not registered with the DISA VMS

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.