ECWM-1 Warning Message
Overview
All users are warned that they are entering a Government information system, and are provided with appropriate privacy and security notices to include statements informing them that they are subject to monitoring, recording and auditing.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| CLASSIFIED SENSITIVE PUBLIC | Low | Enclave Computing Environment |
Details
| Threat |
|---|
| The use of warning banners on computers and networks provides legal notice to anyone accessing them that they are using a U.S. Government system that is subject to monitoring, recording, and auditing. Users also being notified of possible sanctions, such as loss of privileges or even prosecution, if they misuse or access the network without authorization help mitigate malicious activity. |
| Guidance |
|---|
| 1. A warning banner shall be displayed after a successful log-on and this includes banners for internal and local logins as well as external logins. 2. The following elements shall be included in the warning message: a. use of the application constitutes the user’s consent to monitoring, b. use of the application is limited to official US Government business only, c. unauthorized use is subject to criminal prosecution, and d. notice that this is a DOD system. |
References
- CJCSM 6510.10, Defense-In-Depth: Information Assurance (IA) and Computer Network Defense (CND), 15 March 2002
- NIST SP 800-18, Guide for Developing Security Plans for Information Technology Systems, December 1998
- DISA Instruction 630-230-19, Security Requirements for Automated Information Systems, 09 July 1996
- DISA Computer Services Security Handbook, Version 3, 01 December 2000
- DISA Defense Switched Network STIG, Version 1, Release 1, 12 March 2003
- DISA Network Infrastructure STIG, Version 5, Release 2, 29 September 2003