Enterprise security system deployment.
It seems the term is synonymous with "no you can't" or it's going to be a difficult process that has to be approved at the senior level to do something that seems so simple on your home computer system.
Effective security is seldom convenient or easy. If it were easy it wouldn't be worth doing. I'm sure the enemy would like for it to be both convenient and easy.
Information security requirements have always existed, but only brought to the forefront of importance and leader focus in recent years due to major incidents involving national security with emerging technologies, vulnerabilities and impacts to unit mission.
U.S. Army Central Command in coordination with the 335th Signal Command (Theater) (Provisional) engaged the Defense Information Systems Agency for a comprehensive security compliance tool that has the ability to automate and report the security posture of a networks key components.
The requirement for a tool that will consolidate and supplement existing IA tool data collections to increase situational awareness and enhance the security posture to meet IA compliance for certification and accreditation, vulnerability management and asset tracking in a user friendly dashboard view. DISA responded to our request with the identification of a tool they've been using for years to meet their compliance requirements. ESPS is a comprehensive security compliance tool created at DISA Defense Enterprise Computer Center in Montgomery, Ala. This tool has enhanced capabilities that supplement other IA tools and provides situational awareness of the security posture of all servers, databases, and systems for Security Technical Implementation Guide, Information Assurance Vulnerability Assessment, Security Content Automation Protocol compliance checker and Vulnerability Management System file generation to upload across multiple operating system platforms. The partnership with DISA in piloting this system will provide a snapshot for leaders to consider making this tool available to all of DoD as an enterprise service offering.
Enterprise Security Posture System provides a Graphical User Interface to view compliance status on a dashboard for servers, databases, and workstations. This tool was created internally at DISA DECC Montgomery to meet their IA compliance requirements in an automated, cost effective manner. ESPS has enhanced capabilities that supplement existing IA tools with the scalability to support future tools. ESPS was developed to provide automation and detection that no other tool provides. Other tools such as HBSS Policy auditor, Space and Naval Warfare Systems Command SCAP Compliance Checker, 3.0 and the STIG Viewer do not provide the complete review of all applicable STIGs, IAVMs, policies and SCAP checks that is provided by ESPS.
For example, the SPAWAR SCC tool had 356 of the 614 checks that are in VMS for the windows operating system.
In addition, SCC doesn't cover any of the additional targets for the Windows OS like McAfee, Internet Information Services, and Domain Name Services. Other tools provide a portion of these checks, but only ESPS provides all necessary checks in an automated fashion and reports that are easily understood by information assurance security personnel. This tool utilizes Unix and Windows scripts that are developed to encompass and supplement FSO toolkits (Gold Disk, SRR, Winbatch). One of our newest improvements in ESPS is the incorporation of Retina and Assured Compliance Assessment Solution Nessus scan data. This capability further improves the visibility of the complete security posture of an asset. Once incorporating the toolkit, which is essentially an agent loaded on servers and workstations, it will check in with the master database and schedule scans and upload of automated data collections that are organized and available for report generation. If the existing reports do not meet the individualized needs of a unit, a request for change can be submitted for customized reports. Initial piloting of ESPS is complete at the Main Command Post, this system will be further deployed throughout the South West Asia area of responsibility in coming months for integration into business processes and greatly assist with the IA security posture and certification and accreditation challenges in that environment.
Information security requirements will continue to exist as the enemy will continue to try and exploit information that they are not intended to have. If we can mitigate the occurrence of major incidents involving national security with technology, we have to keep up with emerging technologies available to our enemies to subvert vulnerabilities that impact mission readiness and the ability to command and control.
ACAS--Assured Compliance Assessment Solution
DISA--Defense Information Systems Agency
DECC--DISA Defense Enterprise Computer Center
DNS--Domain Name Services
ESPS--Enterprise Security Posture System
GUI--Graphical User Interface
IAVA--Information Assurance Vulnerability Assessment
IIS--Internet Information Services
SCC--SCAP Compliance Checker
SCAP--Security Content Automation Protocol
STIG--Security Technical Implementation Guide
SWA--South West Asia
SPAWAR--Space and Naval Warfare Systems Command
USARCENT--U. S. Army Central Command
VMS--Vulnerability Management System
MAJ Scott A. Salmon graduated from Central Missouri State University, with a Bachelor Degree in marketing. and was commissioned in 2001. He earned the Certified Information Security Manager certification in 2010 and has completed the Signal Captains Career Course. MAJ Salmon has served a variety of increasingly responsible Signal positions including platoon leader, battalion FA53 automation officer, battalion S6, USARCENT HQ support operations officer in charge of networks, systems and helpdesk, information assuarance program manager and information assurance manager.
|Printer friendly Cite/link Email Feedback|
|Author:||Salmon, Scott A.|
|Date:||Jun 22, 2014|
|Previous Article:||New satellite terminal program increases network capacity and reach.|
|Next Article:||Operating an effective Afghanistan network.|