3.10.6 has a weight of -1 points

System Security Plan: Safeguarding CUI at Alternate Work Sites and During Transit

Policy Statement:
Our company is unwavering in its commitment to the integrity, confidentiality, and availability of Controlled Unclassified Information (CUI) regardless of its location, be it at an alternate work site, in transit, or at home.

Implementation Details:

1. Identification of Alternate Work Sites:
We have mapped out all alternate work sites, including private residences, temporary setups at partner facilities, or transit locations, where CUI is accessed or managed.

2. Risk Assessment for Each Site:
We conduct a comprehensive risk assessment for every alternate work site to address the unique challenges and risks pertinent to different environments.

3. Safeguarding Measures Enforced:

• Blueprints at Construction Sites:

  • We ensure secure storage in lockable containers when not in active use.
  • Access is strictly confined to authorized personnel.
  • Electronic versions are accessed strictly through our encrypted devices.

• Traveling Employees with CUI:

  • Documents are always securely stored in our approved locked containers/bags.
  • All electronic data is encrypted and necessitates multi-factor authentication for access.
  • Our employees are well-trained to circumvent accessing CUI in public settings.

• Home-Based Safeguards:

  • We mandate a dedicated and secure network connection for all work-related activities. Secondary backup connections are established where feasible.
  • All CUI data transmissions utilize our encrypted channels.
  • Our devices accessing CUI receive regular software and security updates.
  • We’ve disseminated guidelines to ensure physical security at homes, which include lockable storage solutions and privacy protocols.
  • Our clear desk policy and screen-locking procedures are non-negotiable, minimizing any exposure risks.

4. Training and Awareness Programs:
Our continual training modules focus on safeguarding CUI and underscore unique scenarios such as home-based work, traveling with CUI materials, and challenges at construction sites.

5. Continuous Monitoring:
We actively monitor for compliance and promptly detect any anomalies, irrespective of the work site.

6. Teleworking Protocols:
By adopting the guidelines from [SP 800-46] and [SP 800-114], we ensure that our teleworking protocols address the multifaceted challenges of various environments.

7. Incident Response:
Our tailored response plans are ever-ready to tackle potential security breaches at any location, ensuring immediate action and mitigation.

8. Physical Security Protocols:
Our guidelines span a variety of setups, from ensuring the sanctity of CUI at homes to its security at construction sites.

9. Clear Desk & Screen Protocols:
We actively enforce best practices to curtail exposure risks, no matter the working environment.

10. Regular Policy Reviews:
We periodically revisit our SSP, adjusting for evolving scenarios and integrating new best practices.

Plan of Actions & Milestones (POA&M) for Safeguarding CUI at Alternate Work Sites and During Transit

Objective: Ensure the uncompromised safety of Controlled Unclassified Information (CUI) across various work sites and transit scenarios.

1. Home Security Assessment
Milestone: Conduct security checks at homes of employees working with CUI.
Actions:

• Identify and prioritize homes based on frequency of CUI access.
• Schedule security assessments with third-party vendors or internal security teams.
• Generate a report on findings and recommendations.
  Completion Date: [Date]

2. Encryption Network Checks
Milestone: Ensure the consistent and effective use of encrypted network connections.
Actions:

• Schedule routine network scans for detecting non-encrypted data transmissions.
• Offer refresher training sessions on the importance of encryption.
• Implement alerts for unencrypted data transfers.
  Completion Date: [Date]

3. Distribute Lockable Containers for CUI Storage
Milestone: Ensure every employee working with physical CUI materials has access to a lockable storage container.
Actions:

• Audit current availability and use of lockable containers among employees.
• Procure additional containers based on need.
• Distribute to employees along with training on its proper use.
  Completion Date: [Date]

4. Continuous Training & Awareness
Milestone: Ensure all employees are well-versed in safeguarding CUI.
Actions:

• Schedule quarterly training sessions on various scenarios.
• Monitor and assess employee compliance post-training.
• Address and rectify any knowledge gaps identified.
  Completion Date: [Date]

5. Review & Update Teleworking Protocols
Milestone: Regularly update teleworking guidelines based on new threats or best practices.
Actions:

• Conduct an annual review of teleworking guidelines.
• Incorporate feedback from employees and industry best practices.
• Redistribute updated guidelines to all teleworking employees.
  Completion Date: [Date]

6. Periodic SSP Reviews
Milestone: Ensure SSP remains updated and relevant.
Actions:

• Schedule bi-annual reviews of the SSP.
• Adjust and update based on evolving scenarios and threats.
• Communicate any changes to all relevant stakeholders.
  Completion Date: [Date]

Tracking & Monitoring: Regular updates will be provided to senior leadership on the progress of each milestone, challenges encountered, and strategies employed to overcome them.