The organization must determine information protection needs arising from the fire and emergency services (FES) and DISN Voice Precedence functions for mission-critical communications and revise the processes as necessary until an achievable set of protection needs is obtained.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300640

Associated with: CCI-000236

VVSP-01-000195_rule The organization must determine information protection needs arising from the fire and emergency services (FES) and DISN Voice Precedence functions for mission-critical communications and revise the processes as necessary until an achievable set of protection needs is obtained.

Vulnerability discussion

Information protection needs are technology-independent, required capabilities to counter threats to organizations, individuals, or the Nation through the compromise of information (i.e., loss of confidentiality, integrity, or availability). Information protection needs are derived from the mission/business needs defined by the organization, the mission/business processes selected to meet the stated needs, and the organizational risk management strategy. Information protection needs determine the required security controls for the organization and the associated information systems supporting the mission/business processes.Inherent in defining an organizations information protection needs is an understanding of the level of adverse impact that could result if a compromise of information occurs. The security categorization process is used to make such potential impact determinations. Mission/business process definitions and associated information protection requirements are documented by the organization in accordance with organizational policy and procedure.One of the primary missions of Voice Video systems is the DISN Voice Precedence mission-critical decision-maker communications, especially during times of crisis. A primary business function includes FES processes. These, along with other mission/business functions, must be documented in the System Security Plan (SSP).

Check content

Review the organizational Voice Video SSP for each system. Verify that the organization has determined information protection needs for the FES and DISN Voice Precedence functions for mission-critical communications. Verify that the revision history documents the processes the organization has updated to improve the protection needs. Confirm that as part of each system update, the FES and DISN Voice Precedence functions have been evaluated to identify any changes to the information protection needs. If the organization does not document and implement the information protection needs for the FES and DISN Voice Precedence functions for mission-critical communications, this is a finding. If these information protection needs are not revised as necessary (e.g., as part of each system update), this is a finding.

Fix text

Document the organizational information protection needs for the FES. Document the organization information protection needs for the DISN Voice Precedence services for mission-critical communications. As part of each system update, revise the processes as necessary until an achievable set of protection needs is obtained.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer