Top Viewed Controls (Last 30 Days)
System initialization, shutdown, and aborts are configured to ensure that the system remains in a secure state. Tests are provided and periodically run to ensure the integrity of the system state.
The DoD information system security design incorporates best security practices such as single sign-on, PKE, smart card, and biometrics.
Data backup is performed at least weekly.
Successive logon attempts are controlled using one or more of the following:
· Access is denied after multiple unsuccessful logon attempts.
· The number of access attempts in a given period is...
Only high-robustness GOTS or COTS IA and IA-enabled IT products are used to protect classified information when the information transits networks that are at a lower classification level than the...
Unless there is an overriding technical or operational problem, workstation screen-lock functionality is associated with each workstation. When activated, the screen-lock function places an...
The organization configures the information system to provide only essential capabilities and specifically prohibits or restricts the use of the following functions, ports, protocols, and/or...
This section describes the implementation requirements for different protection measure.
All privileged user accounts are established and administered in accordance with a role-based access scheme that organizes all system and network privileges into roles (e.g., key management, network,...
If a classified enclave contains SAMI and is accessed by individuals lacking an appropriate clearance for SAMI, then NSA-approved cryptography is used to encrypt all SAMI stored within the enclave.
Classified data transmitted through a network that is cleared to a lower level than the data being transmitted are separately encrypted using NSA-approved cryptography (See also DCSR-3).
The organization manages information system authenticators for users and devices by:
a. Verifying, as part of the initial authenticator distribution, the identity of the individual and/or device...