RA-6—Technical Surveillance Countermeasures Survey
>Control Description
>DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
>Discussion
A technical surveillance countermeasures survey is a service provided by qualified personnel to detect the presence of technical surveillance devices and hazards and to identify technical security weaknesses that could be used in the conduct of a technical penetration of the surveyed facility. Technical surveillance countermeasures surveys also provide evaluations of the technical security posture of organizations and facilities and include visual, electronic, and physical examinations of surveyed facilities, internally and externally. The surveys also provide useful input for risk assessments and information regarding organizational exposure to potential adversaries.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your organization's documented risk assessment policy and how does it address the requirements of RA-6?
- •Who has been designated as responsible for conducting and maintaining risk assessments?
- •How frequently are risk assessments conducted and what triggers an update to the risk assessment?
Technical Implementation:
- •What methodology or framework do you use to conduct risk assessments?
- •How do you identify and categorize threats and vulnerabilities during the risk assessment process?
- •What tools or systems support your risk assessment activities?
- •Who conducts penetration testing and how frequently is it performed?
Evidence & Documentation:
- •Can you provide the most recent risk assessment report?
- •What evidence demonstrates that risk assessment findings are communicated to appropriate stakeholders?
- •Where are risk assessment results documented and how long are they retained?
- •Can you provide the most recent penetration test report and POA&M items?
Ask AI
Configure your API key to use AI features.