V-245739
Traditional Security Checklist
Title
Protected Distribution System (PDS) Documentation - Request for Approval Documentation
Description
<VulnDiscussion>A PDS that is not approved could cause an Information System Security Manager (ISSM), Authorizing Official (AO) and other concerned managerial personnel to not be fully aware of all vulnerabilities and residual risk of IA systems under their purview. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraph 35.c. 32 CFR 117 and 32 CFR 2001 and 2003 as well as DOD Manual 5220.32 Volume 1 DOD Manual 5200.01, ...
Fix Text (Documentation Requirement)
Documentation must exist for the initial request for PDS approval and any modification requests. PDS must be recertified when modified or when the threat level or security posture changes. A standard operating procedure (SOP) to ensure proper installation, maintenance, operation and inspection of the PDS must be developed by the PDS owner, approved by the AO, and approved by the cognizant security authority. *The SOP must be submitted as a part of the PDS approval documentation. PDS approval documentation and all updates should be kept for the lifetime of the physical structure of the PDS. If the initial documentation or modification requests were not prepared or documentation cannot be located the fix is to prepare a request for PDS approval IAW the CNSSI 7003 template at Annex A and ...