Foreign National (FN) Administrative Controls - Procedures for Requests to Provide Foreign Nationals System Access
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-245769 | FN-05.02.02 | SV-245769r917330_rule | Medium |
| Description |
| STIG | Date |
| Traditional Security Checklist | 2024-08-09 |
Details
| Check Text (C-49200r917180_chk) |
| Check to ensure there are local written procedures for when foreign national request access to U.S. systems. Validate the standards are correct. Ensure Foreign Nationals only hold IT positions authorized by regulation - primarily DOD 8570.01-M, IA Workforce Improvement Program. TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed in a tactical environment with access to classified or unclassified US Systems or Coalition Systems. |
| Fix Text (F-49155r917181_fix) |
| There must be local written procedures for when there is a foreign national request to access to U.S. systems. Foreign Nationals must only hold IT positions authorized by regulation. IAW DOD 8570.01-M: C3.2.4.8.2. ...LNs and Foreign Nationals (FNs) must comply with background investigation requirements and cannot be assigned to IAT Level III positions. TACTICAL ENVIRONMENT: This check is applicable where REL partners/LN/FN are employed in a tactical environment with access to classified or unclassified US Systems or Coalition Systems. NOTE: DODM 8570 requirements will be met until full implementation of DODM 8140.03 requirements. Implementation dates for DOD Manual 8140.03 include a two-year timeline for personnel (civilian and military) in positions coded with cybersecurity work roles and three years for personnel (civilian and military) in positions coded with work roles in any other workforce element. The dates for required qualification would be 15 February 2025 for cybersecurity work roles and the same date in February 2026 for all Defense Cyber Workforce Framework work roles. |