Title

DoD voice/video/RTS information system assets and vulnerabilities are not tracked and managed using any vulnerability management system as required by DoD policy. (Cat III impact)

Discussion

Requirement: The IAO will ensure that all systems including switches, OAM&P systems, auxiliary/adjunct, and peripheral systems connected to the DSN along with their SAs are registered and tracked with an asset and vulnerability management system similar to VMS.

Check Content

Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable.

Fix Text

Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.

Additional Identifiers

Rule ID: SV-8834r1_rule

Vulnerability ID: V-8339

Group Title: DoD RTS/IS vulnerabilities NOT managed with a VMS

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.