Vault/Secure Room Storage Standards - Automated Entry Control System (AECS) Transmission Line Security: AECS Transmission lines traversing an uncontrolled area (not within at least a Secret Controlled Access Area (CAA) ) shall use line supervision OR Electrical, mechanical, or electromechanical access control devices, which do not constitute an AECS that are used to control access during duty hours must have all electrical components, that traverse outside minimally a Secret Controlled Access Area (CAA), secured within conduit.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-245818	IS-02.02.09	IS-02.02.09	SV-245818r1138479_rule	2025-12-04	2

Description
Persons not vetted to at least the same level of classification residing on the information systems being protected by the AECS or other access control system components could gain access to the unprotected transmission line and tamper with it to facilitate surreptitious access to the secure space. Proper line supervision and/or physical protection within conduit will enable detection of line tampering. Such failure to meet standards for line supervision and physical protection could result in the loss or compromise of classified material. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraph 34. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-3, PE-4, and PE-6. DOD Manual 5200.01, Volume 3, SUBJECT: DOD Information Security Program: Protection of Classified Information: Appendix to Enclosure 3, paragraphs 3.a.(5)(d) and 3.c.(4). 32 CFR 117 and 32 CFR 2001 and 2003 as well as DOD Manual 5220.32 Volume 1

Description

Persons not vetted to at least the same level of classification residing on the information systems being protected by the AECS or other access control system components could gain access to the unprotected transmission line and tamper with it to facilitate surreptitious access to the secure space. Proper line supervision and/or physical protection within conduit will enable detection of line tampering. Such failure to meet standards for line supervision and physical protection could result in the loss or compromise of classified material. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraph 34. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-3, PE-4, and PE-6. DOD Manual 5200.01, Volume 3, SUBJECT: DOD Information Security Program: Protection of Classified Information: Appendix to Enclosure 3, paragraphs 3.a.(5)(d) and 3.c.(4). 32 CFR 117 and 32 CFR 2001 and 2003 as well as DOD Manual 5220.32 Volume 1

ℹ️ Check
1. Where Automated Entry Control Systems (AECS)protect SIPRNet assets in Secure Rooms, Vaults, or secret/TS CAAs: Ensure that transmission lines used to carry access authorizations, personal identification data, or verification data between devices or equipment, which are located outside "minimally" a Secret Controlled Access Area (CAA) have line supervision. 2. Electrical, mechanical, or electromechanical access control devices, which do not constitute an AECS that are used to control access during duty hours (while under direct continuous visual observation and control of a cleared employee or via CCTV) must have all electrical components, including wiring, or mechanical links (cables, rods, and so on) accessible only from inside the area, or, if they traverse outside a controlled area "minimally" a Secret Controlled Access Area (CAA), they must be physically secured within conduit to preclude surreptitious manipulation of components. TACTICAL ENVIRONMENT: This check is applicable where Vaults/Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

ℹ️ Check

1. Where Automated Entry Control Systems (AECS)protect SIPRNet assets in Secure Rooms, Vaults, or secret/TS CAAs: Ensure that transmission lines used to carry access authorizations, personal identification data, or verification data between devices or equipment, which are located outside "minimally" a Secret Controlled Access Area (CAA) have line supervision. 2. Electrical, mechanical, or electromechanical access control devices, which do not constitute an AECS that are used to control access during duty hours (while under direct continuous visual observation and control of a cleared employee or via CCTV) must have all electrical components, including wiring, or mechanical links (cables, rods, and so on) accessible only from inside the area, or, if they traverse outside a controlled area "minimally" a Secret Controlled Access Area (CAA), they must be physically secured within conduit to preclude surreptitious manipulation of components. TACTICAL ENVIRONMENT: This check is applicable where Vaults/Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

✔️ Fix
1. Where Automated Entry Control Systems (AECS)protect SIPRNet assets in Secure Rooms, Vaults, or secret/TS CAAs: Ensure that transmission lines used to carry access authorizations, personal identification data, or verification data between devices or equipment, which are located outside "minimally" a Secret Controlled Access Area (CAA) have line supervision. 2. Where electrical, mechanical, or electromechanical access control devices, which do not constitute an AECS are used to control access during duty hours (while under direct continuous visual observation and control of a cleared employee or via CCTV) they must have all electrical components, including wiring, or mechanical links (cables, rods, and so on) accessible only from inside the area, or, if they traverse outside a controlled area "minimally" a Secret Controlled Access Area (CAA), they must be physically secured within conduit to preclude surreptitious manipulation of components.

✔️ Fix

1. Where Automated Entry Control Systems (AECS)protect SIPRNet assets in Secure Rooms, Vaults, or secret/TS CAAs: Ensure that transmission lines used to carry access authorizations, personal identification data, or verification data between devices or equipment, which are located outside "minimally" a Secret Controlled Access Area (CAA) have line supervision. 2. Where electrical, mechanical, or electromechanical access control devices, which do not constitute an AECS are used to control access during duty hours (while under direct continuous visual observation and control of a cleared employee or via CCTV) they must have all electrical components, including wiring, or mechanical links (cables, rods, and so on) accessible only from inside the area, or, if they traverse outside a controlled area "minimally" a Secret Controlled Access Area (CAA), they must be physically secured within conduit to preclude surreptitious manipulation of components.