Command and Control (C2) and non-C2 exceptions of SIPRNet must be documented in the enclaves accreditation package and an Authority to Connect (ATC) or Interim ATC amending the connection approval received prior to implementation.

From Network Infrastructure Policy Security Technical Implementation Guide

Part of SIPRNet exceptions must be documented

Associated with: CCI-000366

SV-15498r2_rule Command and Control (C2) and non-C2 exceptions of SIPRNet must be documented in the enclaves accreditation package and an Authority to Connect (ATC) or Interim ATC amending the connection approval received prior to implementation.

Vulnerability discussion

Any exception to use SIPRNet must be documented in an update to the enclave’s accreditation package and an Authority to Connect (ATC) or Interim ATC amending the connection approval received prior to implementation.

Check content

Review SIPRNet accreditation package and an Interim Authority to Connect/Authority to Connect (IATC/ATC) amending the connection approval received. If C2 and non-C2 exceptions are not documented, this is a finding.

Fix text

Document all SIPRNet connections.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.