| ECAD-1 | To help prevent inadvertent disclosure of controlled information, all contractors are identified by the inclusion of the abbreviation "ctr" and all foreign nationals are identified by the inclusion of their two-character country code in:
- DoD user e-mail addresses (e.g., john.smith.ctr@army.mil or john.smith.uk@army.mil);
- DoD user e-mail display names (e.g., John Smith, Contractor <john.smith.ctr@army.mil> or John Smith, United Kingdom <john.smith.uk@army.mil>); and
- automated signature blocks (e.g., John Smith, Contractor, J-6K, Joint Staff or John Doe, Australia, LNO, Combatant Command).
Contractors who are also foreign nationals are identified as both (e.g., john.smith.ctr.uk@army.mil). Country codes and guidance regarding their use are in FIPS 10-4. |
| ECAN-1 | Access to all DoD information (classified, sensitive, and public) is determined by both its classification and user need-to-know. Need-to-know is established by the Information Owner and enforced by discretionary or role-based access controls. Access controls are established and enforced for all shared or networked file systems and internal websites, whether classified, sensitive, or unclassified. All internal classified, sensitive, and unclassified websites are organized to provide at least three distinct levels of access:
1. Open access to general information that is made available to all DoD authorized users with network access. Access does not require an audit transaction.
2. Controlled access to information that is made available to all DoD authorized users upon the presentation of an individual authenticator. Access is recorded in an audit transaction. |
| ECAR-3 | Audit records include:
· User ID.
· Successful and unsuccessful attempts to access security files.
· Date and time of the event.
· Type of event.
· Success or failure of event.
· Successful and unsuccessful logons.
· Denial of access resulting from excessive number of logon attempts.
· Blocking or blacklisting a user ID, terminal or access port, and the reason for the action.
· Activities that might modify, bypass, or negate safeguards controlled by the system.
· Data required to audit the possible use of covert channel mechanisms.
· Privileged activities and other system-level access.
· Starting and ending time for access to the system.
· Security relevant actions associated with periods processing or the changing of security labels or categories of information. |
| ECAT-2 | An automated, continuous on-line monitoring and audit trail creation capability is deployed with the capability to immediately alert personnel of any unusual or inappropriate activity with potential IA implications, and with a user configurable capability to automatically disable the system if serious IA violations are detected. |
| ECCD-2 | Access control mechanisms exist to ensure that data is accessed and changed only by authorized personnel. Access and changes to the data are recorded in transaction logs that are reviewed periodically or immediately upon system security events. Users are notified of time and date of the last change in data content. |
| ECCM-1 | COMSEC activities comply with DoD Directive C-5200.5. |
| ECCR-2 | If required by the information owner, NIST-certified cryptography is used to encrypt stored classified non-SAMI information. |
| ECCR-3 | If a classified enclave contains SAMI and is accessed by individuals lacking an appropriate clearance for SAMI, then NSA-approved cryptography is used to encrypt all SAMI stored within the enclave. |
| ECCT-2 | Classified data transmitted through a network that is cleared to a lower level than the data being transmitted are separately encrypted using NSA-approved cryptography (See also DCSR-3). |
| ECIC-1 | Discretionary access controls are a sufficient IA mechanism for connecting DoD information systems operating at the same classification, but with different need-to-know access rules. A controlled interface is required for interconnections among DoD information systems operating at different classifications levels or between DoD and non-DoD systems or networks. Controlled interfaces are addressed in separate guidance. |
| ECLC-1 | Audit records include:
· User ID.
· Successful and unsuccessful attempts to access security files.
· Date and time of the event.
· Type of event.
· Success or failure of event.
· Successful and unsuccessful logons.
· Denial of access resulting from excessive number of logon attempts.
· Blocking or blacklisting a user ID, terminal or access port, and the reason for the action.
· Activities that might modify, bypass, or negate safeguards controlled by the system.
· Data required to audit the possible use of covert channel mechanisms.
· Privileged activities and other system-level access.
· Starting and ending time for access to the system.
· Security relevant actions associated with periods processing or the changing of security labels or categories of information. |
| ECLO-2 | Successive logon attempts are controlled using one or more of the following:
· Access is denied after multiple unsuccessful logon attempts.
· The number of access attempts in a given period is limited.
· A time-delay control system is employed.
If the system allows for multiple logon sessions for each user ID, the system provides a capability to control the number of logon sessions. Upon successful logon, the user is notified of the date and time of the user's last logon, the location of the user at last logon, and the number of unsuccessful logon attempts using this user ID since the last successful logon. |
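The following is an added illustration, not text or code from the control catalogue, of how the ECLO-2 controls (lockout after repeated failures, a bounded attempt window, a time delay, and last-logon notification) can be enforced while emitting the ECAR-3 audit fields (user ID, date/time, event type, success/failure, and the reason a user ID was blocked). The thresholds, the `LogonController` class, the plaintext credential store, and the sample user ID are all constructed assumptions for the example.

```python
from __future__ import annotations
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy parameters (the control text does not fix them):
MAX_FAILURES = 3                   # deny access after this many unsuccessful attempts in WINDOW
WINDOW = timedelta(minutes=15)     # period over which attempts are counted
BASE_DELAY = timedelta(seconds=2)  # time-delay control, doubled after each unsuccessful attempt

# ECAR-3 fields: user ID, date/time, type of event, success/failure, and the reason for an action
AuditRecord = namedtuple("AuditRecord", "user_id timestamp event success detail", defaults=("",))

@dataclass
class Account:
    failures: list = field(default_factory=list)  # times of unsuccessful attempts within WINDOW
    unseen_failures: int = 0                       # unsuccessful attempts since last successful logon
    locked: bool = False
    last_logon: datetime | None = None
    last_location: str | None = None
    next_allowed: datetime | None = None

class LogonController:
    def __init__(self, credentials: dict[str, str]):
        self.credentials = credentials  # constructed sample store; a real system verifies hashed secrets
        self.accounts = {u: Account() for u in credentials}
        self.audit: list[AuditRecord] = []

    def attempt(self, user_id: str, password: str, location: str, now: datetime) -> dict:
        acct = self.accounts.get(user_id)
        log = lambda event, ok, detail="": self.audit.append(AuditRecord(user_id, now, event, ok, detail))
        if acct is None or acct.locked:
            log("logon", False, "unknown or blocked user ID"); return {"granted": False}
        if acct.next_allowed and now < acct.next_allowed:
            log("logon", False, "time-delay in effect"); return {"granted": False}
        if self.credentials[user_id] == password:
            # ECLO-2 notification: date/time and location of last logon, failures since then
            notice = {"granted": True, "last_logon": acct.last_logon,
                      "last_location": acct.last_location, "failed_since_last": acct.unseen_failures}
            acct.last_logon, acct.last_location = now, location
            acct.unseen_failures, acct.failures, acct.next_allowed = 0, [], None
            log("logon", True); return notice
        acct.failures = [t for t in acct.failures if now - t < WINDOW] + [now]  # drop stale, add this one
        acct.unseen_failures += 1
        acct.next_allowed = now + BASE_DELAY * 2 ** (len(acct.failures) - 1)
        log("logon", False, "bad credential")
        if len(acct.failures) >= MAX_FAILURES:  # ECAR-3: blocking of a user ID and the reason for it
            acct.locked = True
            log("block_user_id", True, f"{MAX_FAILURES} unsuccessful logons within {WINDOW}")
        return {"granted": False}
```

The `audit` list holds one record per decision, so a reviewer can reconstruct both the denial caused by excessive attempts and the later block of the user ID, as ECAR-3 requires.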
| ECLP-1 | Access procedures enforce the principles of separation of duties and "least privilege." Access to privileged accounts is limited to privileged users. Use of privileged accounts is limited to privileged functions; that is, privileged users use non-privileged accounts for all non-privileged functions. This control is in addition to an appropriate security clearance and need-to-know authorization. |
| ECML-1 | Information and DoD information systems that store, process, transit, or display data in any form or format that is not approved for public release comply with all requirements for marking and labeling contained in policy and guidance documents such as DoD 5200.1R. Markings and labels clearly reflect the classification or sensitivity level, if applicable, and any special dissemination, handling, or distribution instructions. |
| ECMT-2 | Conformance testing that includes periodic, unannounced in-depth monitoring and provides for specific penetration testing to ensure compliance with all vulnerability mitigation procedures such as the DoD IAVA or other DoD IA practices is planned, scheduled, conducted, and independently validated. Testing is intended to ensure that the system's IA capabilities continue to provide adequate assurance against constantly evolving threats and vulnerabilities. |
| ECNK-1 | Information in transit through a network at the same classification level, but which must be separated for need-to-know reasons, is encrypted, at a minimum, with NIST-certified cryptography. This is in addition to ECCT (encryption for confidentiality - data in transit). |
| ECNK-2 | SAMI information in transit through a network at the same classification level is encrypted using NSA-approved cryptography. This is to separate it for need-to-know reasons. This is in addition to ECCT (encryption for confidentiality - data in transit). |
| ECRC-1 | All authorizations to the information contained within an object are revoked prior to initial assignment, allocation, or reallocation to a subject from the system's pool of unused objects. No information, including encrypted representations of information, produced by a prior subject's actions is available to any subject that obtains access to an object that has been released back to the system. There is absolutely no residual data from the former object. |
| ECRR-1 | If the DoD information system contains sources and methods intelligence (SAMI), then audit records are retained for 5 years. Otherwise, audit records are retained for at least 1 year. |
| ECTC-1 | Measures to protect against compromising emanations have been implemented according to DoD Directive S-5200.19. |
| ECWM-1 | All users are warned that they are entering a Government information system, and are provided with appropriate privacy and security notices to include statements informing them that they are subject to monitoring, recording and auditing. |