From Traditional Security
Part of Classified Reproduction - System to Media Transfer from SIPRNet IAW US Cybercom CTO 10-133
Associated with IA controls: PESP-1, PESS-1
Failure to follow guidance for disabling removable media drives on devices connected to the SIPRNet or if approved by the local DAA failure to follow US CYBERCOM procedures for using removable media on SIPRNet could result in the loss or compromise of classified information.
General guidance: Paper copies, electronic files, and other material containing classified information shall be reproduced only when necessary for accomplishing the organizations mission or for complying with applicable statutes or Directives. Personnel reproducing classified information must be knowledgeable of the procedures for classified reproduction and aware of the risks involved with the specific reproduction equipment and media being used and the appropriate countermeasures they are required to take. Reproduced material is to be placed under the same accountability and control requirements as applied to the original material. Classified material is to be reproduced only on approved and when applicable, properly accredited systems. This check concerns ONLY reproduction and/or transfer of classified data using all forms of removable media on SIPRNet connected devices or systems. Check to ensure that US Cybercom Communications Tasking Order (CTO) 10-133 is being complied with as follows: 1. Ensure that the write capability for all possible removable media is disabled as a default setting on all SIPRNet connected machines. 2. Ensure that write settings are only allowed when specifically approved by using the HBSS Device Control Module (DCM). 3. Ensure the system DAA has specifically approved all persons authorized to transfer data from SIPRNet connected system components. 4. Ensure the IAM maintains a list of all persons authorized by the DAA to transfer data from the SIPRNet. 5. Ensure there are written procedures approved by the DAA for use of removable media on SIPRNet. NOTE: Coordination with Technical Reviewers may be required to determine all of the information outlined above. TACTICAL ENVIRONMENT: This check is applicable in a fixed operational facility in a tactical environment if classified equipment is used or documents or media are created/extracted from the SIPRNet. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.
General guidance to consider: Paper copies, electronic files, and other material containing classified information shall be reproduced only when necessary for accomplishing the organizations mission or for complying with applicable statutes or Directives. Personnel reproducing classified information must be knowledgeable of the procedures for classified reproduction and aware of the risks involved with the specific reproduction equipment and media being used and the appropriate countermeasures they are required to take. Reproduced material is to be placed under the same accountability and control requirements as applied to the original material. Classified material is to be reproduced only on approved and when applicable, properly accredited systems. This check concerns ONLY reproduction and/or transfer of classified data using all forms of removable media on SIPRNet connected devices or systems. Ensure that US Cybercom Communications Tasking Order (CTO) 10-133 is being complied with as follows: 1. Ensure that the write capability for all possible removable media is disabled as a default setting on all SIPRNet connected machines. 2. Ensure that write settings are only allowed when specifically approved by using the HBSS Device Control Module (DCM). 3. Ensure the system DAA has specifically approved all persons authorized to transfer data from SIPRNet connected system components. 4. Ensure the IAM maintains a list of all persons authorized by the DAA to transfer data from the SIPRNet. 5. Ensure there are written procedures approved by the DAA for use of removable media on SIPRNet.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer