Title

The ISSO/IAO does not maintain a DSN Personnel Security Certification letter on file for each person involved in DSN A/NM duties. (Cat III impact)

Discussion

A DSN Personnel Security Certification letter will provide documented proof that site personnel have attended and successfully passed a security training and awareness program. This program will provide training appropriate to the security needs of each person involved with the DSN. The program will ensure that all personnel understand the risks to the DSN. This type of program reminds the personnel of the proper security-related operational and control procedures for which they are responsible.

Check Content

Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text

Establish a DSN security awareness-training program. Review all DSN personnel security-related responsibilities and document certification by signing a Personnel Security Certification letter.

Additional Identifiers

Rule ID: SV-8467r1_rule

Vulnerability ID: V-7981

Group Title: Security Certification letters are not on file

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.