Command Cyber Readiness Inspection
Government organizations faced with maintaining compliance with strict cyber security standards have found our INTERCEPTORNX CS solution to be an important component of their network security posture.
Department of Defense (DoD) and Intelligence Community (IC) information systems must be protected with adequate, or acceptable, security controls. These systems are subject to a periodic evaluation process to ensure compliance with the required controls. This process is called the DoD Risk Management Framework (RMF). The RMF structure consists of two portions: Assessment & Authorization (A&A). When security inspectors evaluate a particular system, they don’t certify the system; they “assess” it and provide recommendations. The second part of the process occurs when the recommendations are sent to the Designated Accrediting Authority (DAA) for the command or agency. At that point the DAA’s role is to review and “authorize” the assessment. Once completed, the DAA’s authorization allows the system to remain in operation.
The A&A process within DoD is accomplished through Command Cyber Readiness Inspections (CCRIs), a technical and operational program that ensures compliance with Information Assurance (IA) and computer network defense (CND) policies. The technical aspect of the inspection evaluates the site's compliance with the configuration standards for various technologies as set forth in the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).
Key concepts of the CCRI program include:
- A grading structure based on objective, measurable and repeatable processes.
- "No notice" facility inspections. These "no notice" inspections are directed from USCYBERCOM, and the inspection team arrives at a facility on the same day as the inspection is to take place.
- A Traditional Security Checklist (TSC) comprising 151 items.
For a traditional hardened carrier PDS, which must adhere to the guidelines set forth in CNSSI 7003, a common area of non-compliance is the ability or capability (or lack thereof) to perform the required daily periodic visual inspections. Commands are often spread thin with respect to the forces available to conduct the inspections, and hardened carrier was often constructed in areas that cannot be visually inspected. In other cases, cables were originally installed to carry non-classified traffic, and therefore not installed in a PDS, but were later needed to accommodate the growth in classified connections. INTERCEPTORNX CS has often been used in those cases to bring the systems into compliance rapidly and economically by converting the traditional PDS to an alarmed PDS, especially following a “no notice” CCRI where time was not afforded to bring a system up to standard by constructing a PDS, rerouting or installing new cables, etc.
The CCRI Traditional Security Checklist for Alarmed Protective Distribution Systems (APDS) includes:
- The appropriateness of a PDS carrier in its suitability for supporting the functionality of the approved alarm sensor
- The alarm system sensor employed must be approved by the cognizant COMSEC and/or physical security authorities.
- The alarm system and signal transmission must be in an IDS meeting DoD requirements
- The alarm signal must be sent to a 24/7 monitor station.
- PDS alarm functionality and performance must be verified on at least a daily or weekly basis.
- A Standard Operating Procedure (SOP) must be available. This SOP must include procedures to:
  - Verify the alarm functionality and performance on at least a daily or weekly basis.
  - Ensure response by security personnel in the area of possible attempted penetration, within 15 minutes of discovery.
  - Provide for inspection of the PDS to determine the cause of the alarm.
  - Define action to be taken regarding the termination of transmission.
  - Initiate investigation of actual intrusion attempt, etc.
- A properly installed and functional alarmed PDS that is successfully tested at least weekly need not be installed so that it is completely visible.
INTERCEPTORNX CS Allows Organizations to Check YES to Everything on Your Alarmed-PDS CCRI Traditional Security Checklist!

| CCRI checklist item | INTERCEPTORNX CS |
|---|---|
| The appropriateness of a PDS carrier in its suitability for supporting the functionality of the approved alarm sensor | INTERCEPTORNX CS was developed from the ground up to detect tampering by monitoring fibers within the classified cabling (Intrinsic Monitoring™) or sensing fibers deployed in metallic pathways co-existing with the classified cabling (Extrinsic Monitoring™). All other alarm sensor systems before INTERCEPTOR were and still remain derivations of fence monitoring technologies. |
| The alarm system sensor employed must be approved by the cognizant COMSEC and/or physical security authorities. | INTERCEPTORNX CS has been approved for use in numerous PDS plans in both CONUS and OCONUS facilities since 2003. INTERCEPTOR has been listed on the USAF Approved Products List for Alarm PDS since 20XX. A USAF Emissions Security Interim Memorandum (ESIM) issued in 20XX as well as a US Army Memorandum of Understanding (MOU) in 20XX authorized its use with Interlocking Armored Optical Fiber Cable in lieu of hardened carrier pathways. INTERCEPTORNX CS has been deployed in PDS in all branches of the US Military. |
| The alarm signal must be sent to a 24/7 monitor station. | INTERCEPTORNX CS utilizes patented Cyber Secure alarm response management software to provide centralized, remote monitoring of systems deployed locally, regionally or globally. |
| PDS alarm functionality and performance must be verified on at least a daily or weekly basis. | INTERCEPTORNX CS accomplishes this requirement automatically on a user-defined schedule by incorporating the StopLight™ ancillary device. |
| A Standard Operating Procedure (SOP) must be available. | The INTERCEPTORNX CS Cyber Secure alarm response management software includes a “SOP Wizard” which automates the creation of a customized SOP. The elements of the wizard were incorporated with input and guidance from the US Army Tempest Group. All sub-checklist items including alarm verification, security personnel response protocols, action steps, inspection details and documentation, audit trails and even optional termination of transmission are automated by the INTERCEPTORNX CS Cyber Secure alarm response management software and StopLight device. |
| A properly installed and functional alarmed PDS that is successfully tested at least weekly need not be installed so that it is completely visible. | Network Integrity Systems lead the way by working with the DoD Tempest Groups and optical cable manufacturers to make this a reality! This monumental modification to legacy PDS deployment methods results in tremendous material and labor cost reductions, reduced burdens on inspection forces, enhanced building aesthetics and, most important, significantly improved security because PDS inspections are NEVER overlooked (the system is always on guard) and would-be adversaries no longer have easy access to classified pathways. |