UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

COMSEC Training - COMSEC Custodian or Hand Receipt Holder


Overview

Finding ID Version Rule ID IA Controls Severity
V-245725 CS-02.02.01 SV-245725r917317_rule Medium
Description
Lack of appropriate training for managers of COMSEC accounts could result in the mismanagement of COMSEC records and inadequate physical protection and ultimately lead to the loss or compromise of COMSEC keying material. REFERENCES: DOD Manual 5200.01, Volume 1, 24 February 2012, SUBJECT: DOD Information Security Program: Overview, Classification, and Declassification DOD 5220.22-M (NISPOM), Section 4 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AT-3, AT-4, and SC-1 NSA/CSS Policy Manual 3-16, Section III, paragraph 16 . CNSS Policy No.1, NATIONAL POLICY FOR SAFEGUARDING AND CONTROL OF COMSEC MATERIALS DOD Instruction 8523.01, Communications Security (COMSEC), January 6, 2021 CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND)
STIG Date
Traditional Security Checklist 2023-12-21

Details

Check Text ( C-49156r917142_chk )
Check for documented proof of COMSEC Custodian or hand receipt holder training.

NOTES:

1. Formal training for primary COMSEC account holders must be completed within six months of being designated as COMSEC Custodian.

2. Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DODIN assets. COMSEC accounts or items not used with DODIN assets should not be inspected.
Fix Text (F-49111r917143_fix)
Documented proof of required COMSEC Custodian or hand receipt holder training must be available. Formal training of primary COMSEC account holders is required within 6-months of being appointed as COMSEC Custodian or alternate. Sub-Account or hand receipt holders may be trained by the sponsoring primary account COMSEC Custodian.