Katie Coleman_CY511_DoD Project Checkpoint 2

School: University of West Alabama
Course: 511
Subject: Information Systems
Date: Dec 6, 2023
Pages: 5
Uploaded by ProfessorSalmon327

Project: Department of Defense (DoD) Ready
Katie Coleman
University of West Alabama
CY-511 – Cybersecurity Organization Policy/Management
Dr. Perez

The Department of Defense (DoD) has strict policies, standards, and controls to guarantee the security of its information systems. To ensure the company stays in compliance with the DoD requirements, the company must implement policies, standards, and controls in the User, Workstation, LAN, and LAN-to-WAN Domains. These will include strong user authorization, authentication, workstation security configuration, LAN security settings, and encrypted LAN-to-WAN connections.

The User Domain includes all persons who have access to the project’s resources. To ensure compliance with the DoD requirements, all users will be identified and authenticated by using strong passwords, biometrics, or smart cards. Users will only be granted access to the information, data, resources, and applications needed to perform their duties, which is based on the principle of least privilege.

The Workstation Domain includes all the computers used by the project personnel. All workstations will be configured with the appropriate security settings to ensure compliance with the DoD requirements. This will include firewalls, antivirus software, and intrusion detection systems. All software that is installed on the workstations will be authorized and regularly patched to address known vulnerabilities.

The LAN Domain includes all local area networks used by the project personnel. LANs will be configured with the appropriate security settings. This will include firewalls, intrusion detection systems, and access control lists. All network traffic must be encrypted to protect against eavesdropping. This will ensure the company is following DoD requirements.

The LAN-to-WAN Domain includes all connections between the LAN and the wide area network (WAN). All connections will be encrypted using secure protocols to make sure the company stays in compliance with the DoD regulations. This will include IPsec or SSL. All traffic will be monitored and filtered to prevent unauthorized access into the network.

DoD-compliant policies, standards, and controls that affect the WAN, Remote Access, and System/Application Domains are listed below:

WAN Domain:
  • DoD Directive 8500:01: Cybersecurity
  • DoD Instruction 8500:02: Information Assurance (IA) Implementation
  • DoD 8510:01: Risk Management Framework (RMF) for DoD Information Technology
  • National Institute of Standards and Technology (NIST) Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems
  • NIST SP 800-46: Guide to Enterprise Teleworker Services
  • Federal Information Processing Standards (FIPS) 140-2: Security Requirements for Cryptographic Modules
  • DoD Instruction 8140:01: Cybersecurity Workforce Management

Remote Access Domain:
  • DoD Directive 8100:04: Remote Access to DoD Information Systems
  • DoD Instruction 8100:08: Use of Commercial Cloud Services
  • NIST SP 800-146: Cloud Computing Synopsis and Recommendations
  • NIST SP 800-178: Guide to Secure Cloud Computing
  • NIST SP 800-187: Authenticator Assurance Level (AAL) Requirements for Remote Authentication