Documentation - V-245788

Title

Information Assurance - Network Connections - Physical Protection of Network Devices such as Routers, Switches and Hubs (Connected to SIPRNet or Other Classified Networks or Systems Being Inspected)

Description

<VulnDiscussion>SIPRNet or other classified network connections that are not properly protected in their physical environment are highly vulnerable to unauthorized access, resulting in the probable loss or compromise of classified or sensitive information. REFERENCES: Network Infrastructure Security Technical Implementation Guide (STIG) Access Control in Support of Information Systems Security STIG (Access Control STIG) CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWO...

Fix Text (Documentation Requirement)

1. Network devices on a Classified Network (SIPRNet) such as routers, switches, and hubs must be housed within an approved classified storage safe, vault, or approved open storage area (AKA: secure room, or in a SCIF. Information Processing System (IPS) containers are safes designed to house operational Information System (IS) equipment and can be used to meet this requirement. 2. An alternative to housing classified network devices in approved storage containers or areas is they must be housed in a 24/7 continuously occupied room or area. Occupants of the room or area must possess a security clearance equal to or greater than the level of the classified network devices. 3. Network Administrators and other (authorized) personnel must be the only persons with unimpeded access to the SIP...