Information Assurance Vulnerabil DISA Internal Process and

Similar documents
Guide to Using DoD PKI Certificates in Outlook 2000

EAD Expected Annual Flood Damage Computation

Report Documentation Page

Overview Presented by: Boyd L. Summers

NAVAL POSTGRADUATE SCHOOL

DCAA and the Small Business Innovative Research (SBIR) Program

Headquarters U.S. Air Force

Obsolescence Considerations for Materials in the Lower Sub-Tiers of the Supply Chain

Asset Management- Acquisitions

John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011

DEFENSE CONTRACT AUDIT AGENCY

DSS Secret Internet Protocol Router Network (SIPRnet) Processing Procedures

Algorithmic Research and Software Development for an Industrial Strength Sparse Matrix Library for Parallel Computers

Using the Advancement Degree of Difficulty (AD 2 ) as an input to Risk Management

ELECTRONIC HEALTH RECORDS. Fiscal Year 2013 Expenditure Plan Lacks Key Information Needed to Inform Future Funding Decisions

An Application of an Iterative Approach to DoD Software Migration Planning

Integrated Force Method Solution to Indeterminate Structural Mechanics Problems

Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006

Intelligence Community Public Key Infrastructure (IC PKI)

THE MIMOSA OPEN SOLUTION COLLABORATIVE ENGINEERING AND IT ENVIRONMENTS WORKSHOP

An Oil-Free Thrust Foil Bearing Facility Design, Calibration, and Operation

REPORT DOCUMENTATION PAGE *

RT 24 - Architecture, Modeling & Simulation, and Software Design

AFRL-RX-WP-TP

Cyber Security Training and Awareness Through Game Play

Mobile Robot Knowledge Base

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

Addressing the Real-World Challenges in the Development of Propulsion IVHM Technology Experiment (PITEX)

CAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE

Advanced Micro Ring Resonator Filter Technology

Interagency National Security Knowledge and Skills in the Department of Defense

DEFENSE BUSINESS PRACTICE IMPLEMENTATION BOARD

Simulation of Air Flow Through a Test Chamber

ADVANCED NETWORK SECURITY PROJECT

IISUP-. NAVAL SUPPLY SVSTE:MS COMMAND. Ready. Resourceful. Responsive!

Microstructural Evaluation of KM4 and SR3 Samples Subjected to Various Heat Treatments

Mr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency. May 11, 2011

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

Synchronization of Unique Identifiers Across Security Domains

Pima Community College Planning Grant For Autonomous Intelligent Network of Systems (AINS) Science, Mathematics & Engineering Education Center

Cancellation of Nongroup Health Insurance Policies

Dr. Gary S. E. Lagerloef Earth and Space Research, 1910 Fairview Ave E

Department of Defense INSTRUCTION. Public Key Infrastructure (PKI) and Public Key (PK) Enabling

Department of Defense INSTRUCTION. SUBJECT: Public Key Infrastructure (PKI) and Public Key (PK) Enabling

DISA's Application Security and Development STIG: How OWASP Can Help You. AppSec DC November 12, The OWASP Foundation

Army Environmental Policy and ISO 14001

LMI. Improving EDI Data Quality. Logistics Management Institute. W. Michael Bridges Charles D. Guilliams MT403LN1

Issue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett

THE DEPARTMENT OF DEFENSE INFORMATION ASSURANCE SUPPORT ENVIRONMENT 1

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

Ports, Protocols, and Services Management (PPSM)

A DOCTORAL PROGRAM WITH SPECIALIZATION IN INFORMATION SECURITY A High Assurance Constructive Security Approach

A Manager's Checklist for Validating Software Cost and Schedule Estimates

I N S T I T U T E F O R D E FE N S E A N A L Y S E S NSD-5216

DATA ITEM DESCRIPTION

REPORT DOCUMENTATION PAGE

Joint Knowledge Online. CAC Login Troubleshooting Guide

FIRST IMPRESSION EXPERIMENT REPORT (FIER)

Military Health System Conference

Office of Inspector General

Security Content Automation Protocol for Governance, Risk, Compliance, and Audit

Office of Inspector General

DATA ITEM DESCRIPTION

Software Vulnerabilities in Java

BY ORDER OF THE COMMANDER USTRANSCOM INSTRUCTION 33-3 UNITED STATES TRANSPORTATION COMMAND 5 DECEMBER 2011

WEB SERVER SECURITY TECHNICAL IMPLEMENTATION GUIDE Version 6, Release December Developed by DISA for the DoD

TITLE: The Impact Of Prostate Cancer Treatment-Related Symptoms On Low-Income Latino Couples

Department of Defense PKI Use Case/Experiences

CERT Virtual Flow Collection and Analysis

DATA ITEM DESCRIPTION

Department of Defense INSTRUCTION

Assessment of NASA Dual Microstructure Heat Treatment Method Utilizing Ladish SuperCooler Cooling Technology

UNCLASSIFIED (U) U.S. Department of State Foreign Affairs Manual Volume 5 Information Management 5 FAM 870 NETWORKS

Department of Defense INSTRUCTION

Department of the Interior Privacy Impact Assessment

Report No. D May 14, Selected Controls for Information Assurance at the Defense Threat Reduction Agency

Subj: NAVY IMPLEMENTATION OF DEPARTMENT OF DEFENSE INTELLIGENCE INFORMATION SYSTEM (DODIIS) PUBLIC KEY INFRASTRUCTURE (PKI)

DATA ITEM DESCRIPTION

MS SQL Server Backup - User Guide

UMass at TREC 2008 Blog Distillation Task

Defense Travel Management Office

Non-Autoclave (Prepreg) Manufacturing Technology

A GPS Digital Phased Array Antenna and Receiver

Installing and configuring Microsoft Reporting Services

In June 1998 the Joint Military Intelligence. Intelligence Education for Joint Warfighting A. DENIS CLIFT

NAVSUP FLC NORFOLK PHILADELPHIA OFFICE

Transcription:

IA-00109. Information Assurance Vulnerabil DISA Internal Process and I ItY Alert SYstem Jacqueline Price Snouffer jackie.snouffer@ritchie.disa.mil (7 17) 267-9997 9 February 1999

Form SF298 Citation Data Report Date ("DD MON YYYY") 09021999 Report Type N/A Dates Covered (from... to) ("DD MON YYYY") Title and Subtitle Information Assurance Vulnerability Alert DISA Internal Process and System Authors Contract or Grant Number Program Element Number Project Number Task Number Work Unit Number Performing Organization Name(s) and Address(es) DISA Sponsoring/Monitoring Agency Name(s) and Address(es) Performing Organization Number(s) Monitoring Agency Acronym Monitoring Agency Report Number(s) Distribution/Availability Statement Approved for public release, distribution unlimited Supplementary Notes Abstract Subject Terms "IATAC COLLECTION" Document Classification unclassified Classification of Abstract unclassified Classification of SF298 unclassified Limitation of Abstract unlimited Number of Pages 22

REPORT DOCUMENTATION PAGE Form Approved OMB No. 074-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503 1. AGENCY USE ONLY (Leave blank) 2. REPORT DATE 3. REPORT TYPE AND DATES COVERED 2/9/99 Briefing 4. TITLE AND SUBTITLE Information Assurance Vulnerability Alert DISA Internal Process and System 5. FUNDING NUMBERS 6. AUTHOR(S) Jacqueline Price Snouffer 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT NUMBER IATAC Information Assurance Technology Analysis Center 3190 Fairview Park Drive Falls Church VA 22042 9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING / MONITORING AGENCY REPORT NUMBER Defense Technical Information Center DTIC-IA 8725 John J. Kingman Rd, Suite 944 Ft. Belvoir, VA 22060 11. SUPPLEMENTARY NOTES 12a. DISTRIBUTION / AVAILABILITY STATEMENT 12b. DISTRIBUTION CODE A 13. ABSTRACT (Maximum 200 Words) This briefing outlines DISA's internal procedure for tracking IAVAs. It discusses the policy, procedures, organizations responsible for tracking the IAVAs, and the security features of the program. 14. SUBJECT TERMS DISA, vulnerability 15. NUMBER OF PAGES 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS PAGE UNCLASSIFIED 19. SECURITY CLASSIFICATION OF ABSTRACT UNCLASSIFIED 20. LIMITATION OF ABSTRACT None

IAVA Background DOD has mandated that all C/S/A develop a methodology for ensuring: - Vulnerability alert notifications are received by System Administrators - Vulnerabilities are corrected within 30 days - Periodic/Random validation of system status IAVA-VCTS 2

Td dce 6) t) s=: ce i E 0 cts G 0 T 1 3 + (I 0 0 94 3 m ce 0. 1 (I c) 0

s >

VCTS Security Features NIPRNET/ SIPRNET PKI Server Certificate Netscape 4.05 or IE 4.0 128 Bit SSL Encryption -7.. - Userid - Password - Data.IP Filtering IAVA-VCTS Proxy Server NTFS Permissions SQL Server Permissions Encrypted Data Daily Backups Monitoring 6

0 & G0 0 m Td 0. I fl 0 s 0 x u 0 k

BACKGROUND IAVA-VCTS

Vulnerability Compliance Tracking System (VCTS) Capabilities Notification of alert to registered users based on function Acknowledgement of receipt by system Process for requesting waivers Tracking of closure/posture of vulnerabilities IAVA-VCTS 10

VCTS Registration Process b L DISA Form 41 RSA Chambersburg Create User s NT Account Load IP Address Create User Profile Prepare User Package 5 Days or Less Return Receipt via FAX User Account Activated within 24 hours L FEDEX 1 day DMC Chambersburg fax: 717-267-9055 DSN: 570 IAVA-VCTS 11

z w

0 x0 c 0

User Types System/Network Administrators - Recieves only those bulletins for systems they have registered or have been given update authority for - Requests waiver - Cannot view system data that they have not been given explicit permission to IAVA-VCTS 15

Current Reports Available ISSMIXO - Compliance Summary Report by Vulnerability (VM02) - Active Users by Organization (VM03) - Registered Systems by Organization (VM04) - Waiver Summary Spreadsheet (VM08) SA/ISSM/XO - Compliance/Acknowledgement Report by System (VSO 1) - Compliance/Acknowledgement Report by Vulnerability (VS02) IAVA-VCTS 16

V 2.0 Enhancements Link to Accredited System/Major Program - Allow for oversight by Program Management Office - Allow for Waiver Request/Granting for entire Program - Allow Email by PM0 to SA(s) - Multiple accreditor based on system/program - Allow Accreditor to review site and system status - Allow Accreditor to review asset/component information - Cross Oganizational browsing at program level IAVA-VCTS 18

Fully automate waiver process V 2.0 Enhancements - Through ISSM/Program/Technical/Adjudication Chain - Process for Major Programs to be determined by Program - Multiple DAAs - Ability to establish different waiver processes depending on program or system Specifications out for comment on 1 March 1999 IAVA-VCTS 19

V 2.x Requested Enhancements Status Information - Update status after completion - Allow browse by X0, ISSM, PMO, CIO - Provide list of N/A reasons Allow ISSM to enter Organizational Comment Acknowledgement - Unacknowledge Receipt - Confirm Acknowledgement IAVA-VCTS 20

V 2.x Requested Enhancements Subscription to bulletins ISSM to give permission to a system within their organization to any registered SA Supporting reports for new functionality IAVA-VCTS 21

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information