Information Assurance (IA)/Cybersecurity News, Alert, and Reference Resources

Part of an any IT or IA/Cybersecurity professional's job is staying on top of news, governance, vulnerabilities, and technology and implementing countermeasures, mitigating vulnerabilities, and other security guidance or policy. The following is a list of resources for IT and IA/Cybersecurity professionals, primarily oriented towards support of Federal systems and networks, in particular DoD and Intelligence Community (IC).

Web Sites:

DoD:

• DoD Chief Information Officer (CIO) Portal
• Chief Information Officer, US Department of Defense​
• DoD Technical Information Center (DTIC). DoD’s authoritative source for scientific and technical (S&T) information!
• USCC IAVM Portal (NIPR). SIPR https://www.cybercom.smil.mil/J3/IAVM/default.aspx. JWICS https://intelshare.intelink.ic.gov/sites/icscc/vm/
• Enterprise Mission Assurance Support Service (eMASS). A pilot for eMASS is available, see this site for further instructions:  https://army.deps.mil/NETCOM/sites/RMF/SitePages/TTPs.aspx.
• DoD Enterprise Reporting Service (ERS)
• RMF Knowledge Service
• Risk Management Framework (RMF) Knowledge Service (RMFKS) Links​. CNSS, DoDD, DoDI, Memorandum, NIST, and other publications.
• Army G-3/5/7 Bolte Portal HQDA EXORDS, OPORDs, PLANORDs​
• Army Enterprise Content Management and Collaboration Services (ECMCS)
• ECMSC milSuite
• Army CIO/G-6 Collaboration Portal​
• Army CIO/G-6 Policy
• Army Cyber Command/2nd Army
• ARCYBER​
• Army Cyber Command/2nd Army G36 Information Page. Provides IAVM Alerts and Bulletins, Discussion Board, and ACAS information.
• Army Cyber Center of Excellence. Products for training, lessons learned, and doctrine for signal, cyber, and electronic warfare.
• Army Information Assurance One Stop Shop​. Army CIO/G-6 Cyber Directorate.
• Army Computer Emergency Response Team (ACERT). The ACERT-CNO conducts and synchronizes operations across the Computer Network Operations (CNO) spectrum in support of the U.S. Army to ensure the availability, integrity, and confidentiality of the information and information systems used by commanders worldwide.​ This site publishes INFOCON status and also provides procedures for suspected incidents or intrusions.
• Army Regional Cyber Center - CONUS (RCC-C).  Also see NETCOP & Operations repository (ASIs, Cyber Bulletins, Network Bulletins, Reports, TCIRs). Subscribe to SharePoint alerts.
• Army Knowledge Management (KM) Resource Center. Contains NETCOM Configuration Items (CI) such as the Active Directory naming guide.
• Army Enterprise Infrastructure (AEI) Naming Conventions and Standards. Army Enterprise Configuration Item (CI) Naming and Identification Convention, Version 1.1, 2 October 2012. Army Enterprise Infrastructure Naming Conventions and Standards, Version 6.2, 05 August 2011 NETC-G-0411-0.
• Network Enterprise Technology Command (NETCOM). DISA Enterprise Portal Services (DEPS) SharePoint Site for NETCOM.
• NETCOM RMF Page
• NETCOM RMKS. Orders and FRAGOs, templates, and TTPs.
• NETCOM Access Only Triage Tracker
• NETCOM IAVM Portal
• 93rd Signal Brigade CyberSecurity Division
• Army NEC Community of Purpose​
• ​Network Enterprise Center Fort Belvoir (RNEC-NCR)
  RNEC Cyber Security Division Web Portal  
• US Army Corps of Engineers (USACE) Army Taskings​. EXORDs, OPORDs, VDP, IAVMs, etc. applicable to CorpsNet.
• Navy Chief Information Officer (CIO)​
• Collaboration Area for Risk Management (CARM). Intelshare site for knowledge sharing, template development, workgroup collaboration, and anything else pertaining to Cybersecurity and Risk Management. Project - RMF Navy Categorization Form - 2017-02-14​ spreadsheet and other templates available.

​Non-DoD:

• Cybersecurity and Infrastructure Security Agency (CISA). On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA provides comprehensive cyber protection, infrastructure resilience, and emergency communications. CISA's National Cybersecurity and Communications Integration Center (NCCIC) provides 24x7 cyber situational awareness, analysis, incident response and cyber defense capabilities to the Federal government; state, local, tribal and territorial governments; the private sector and international partners. CISA provides cybersecurity tools, incident response services and assessment capabilities to safeguard the networks that support the essential operations of federal civilian departments and agencies. CISA coordinates security and resilience efforts using trusted partnerships across the private and public sectors, and delivers training, technical assistance, and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide. CISA provides consolidated all-hazards risk analysis for U.S. critical infrastructure through the National Risk Management Center. CISA enhances public safety interoperable communications at all levels of government, providing training, coordination, tools and guidance to help partners across the country develop their emergency communications capabilities. Working with stakeholders across the country, CISA conducts extensive, nationwide outreach to support and promote the ability of emergency response providers and relevant government officials to continue to communicate in the event of natural disasters, acts of terrorism, and other man-made disasters.
• ​​National Cybersecurity Center of Excellence​. The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under Cooperative Research and Development Agreements (CRADAs), including technology partners—from Fortune 50 market leaders to smaller companies specializing in IT security—the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cyber Security Framework and details the steps needed for another entity to recreate the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Md. To learn more, visit the links below, review our fact sheet, and read about the NCCoE’s history​.

Industry:

• BAI Information Security Consulting & Training
• Carnegie Melon University Information Security Office
• MeriTalk FITARA Dashboard. Each federal agency's scorecard for the Federal Information Technology Acquisition Reform Act (FITARA) of 2014.
• Risk Management Framework (RMF) Resource Center
• MITRE ATT&CK. MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK™) is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. 
• AFCEA SIGNAL Resource Library (filtered for "cyber"). AFCEA offers a wide range of white papers, EBooks, case studies, event videos and analytical content in our Resource Library. These documents may be relevant to your work and of interest to you as a member of the global defense, security and intelligence community.
• Qualys Blog. Topics concerning asset management, IT security, compliance, cloud, containers, web application security, certificates, developer APIs, and the Qualys Cloud Platform.

Commercial Sites Dedicated to Government News:

• C4ISR
• DefenseSystems
• Federal Computer Week (FCW)​
• Federal Times​
• Government Computer News (GCN)
• Nextgov
• Washington Technology

Commercial IT and IA/Cybersecurity News and Information:

• ​How-to Geek​
• Windows IT Pro
• Reddit sysadmin
• Reddit NISTControls

Organizations:

• ASIS. ASIS International is the leading organization for security professionals worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests, such as the ASIS International Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the public.
• Center for Internet Security (CIS)
• CSIAC. The Cyber Security and Information Systems Information Analysis Center (CSIAC) is a Department of Defense (DoD) Information Analysis Center (IAC) sponsored by the Defense Technical Information Center (DTIC). The CSIAC is a consolidation of three predecessor IACs: the Data and Analysis Center for Software (DACS), the Information Assurance Technology IAC (IATAC) and the Modeling & Simulation IAC (MSIAC), with the addition of the Knowledge Management and Information Sharing technical area.
• CMA. Cyber Management Alliance. As specialist practitioners and consultants, we deliver the highest level of specialized operational and strategic cyber security training courses, educational webinars, and an informative series of executive interviews with highly-regarded industry professionals, innovative live and virtual events, bringing about the collaboration and sharing of information worldwide.
• ICIT. Institute for Critical Infrastructure Technology. a 501C3, next-generation cybersecurity think tank cultivating a cybersecurty renaissance for the Nation's critical infrastructure community.
• ISACA. As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
• (ISC)2
• (ISC)2 Safe and Security Online​
• ​Military Cyber Professionals (milSuite, Google+, Twitter)
• NICCS. National Initiative for Cybersecurity Careers and Studies. NICCS is managed by the Cybersecurity Education and Awareness Branch (CEA) within the Department of Homeland Security’s (DHS) Office of Cybersecurity and Communications (CS&C). CEA promotes cybersecurity awareness, training, and education and career structure, with the added goal of broadening the Nation’s volume of cybersecurity workforce professionals.
• NICE. National Initiative for Cybersecurity Education. The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST), is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development. The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure.
• ICMCP. International Consortium of Minority Cybersecurity Professionals.
• SANS. Sysadmin, Network, Audit, and Security.

​​Mailing Lists:

• 451 Alliance​. Free offer for (ISC)2 members.
• 53List. Need subscription information for this.
• CIS MS-ISAC​
• cloudsavvyIT
• Cyber Edge. 
• DevOps.com.
• DoD Issuances​
• DISA IASE
• The Drumbeat. DISA's mission partner-focused newsletter. milSuite URL:  https://www.milsuite.mil/book/docs/DOC-426463​
• Full Disclosure. The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them.
• Military Open Source Software [mill-oss]. MILITARY OPEN SOURCE SOFTWARE (Mil-OSS) Mil-OSS has been established to connect and empower an active community of civilian and military open source software and hardware developers across the U.S.
• National Cybersecurity and Communications Integration Center (NCCIC) and United States Computer Emergency Readiness Team (US-CERT). From this page, you can also subscribe to US Department of Homeland Security, National Institute of Standards (NIST), Federal Emergency Management Agency (FEMA), Department of Defense (DoD), Defense Information Systems Agency (DISA), National Guard Bureau (NGB), and other Federal organizational mailing lists.
• Network World​. Dozens of newsletters covering news, analysis, product reviews, security, wireless, data centers, etc.
• National Institute of Standards and Technology (NIST) Computer Security Division Computer Security Resource Center (CSRC)​
• USCYBERCOM
• Army Cyber Command (ARCYBER)/2nd Army G36
• S1NET​. Army milSuite resource which provides recently published Army Directives (AD) and All Army Activity (ALARACT) messages, Military Personnel (MILPER) messages, and member contributions and requests. In the military, S1 is concerned with manpower and personnel. "S" is for Army or USMC executive staff sections within headquarters of organizations commanded by a field grade officer (i.e., Major through Colonel) and having an executive officer to coordinate the actions of the executive staff (e.g., divisional brigades, regiments, groups, battalions, and squadrons; not used by all countries. "G" is for Army or USMC general staff sections within headquarters of organizations commanded by a general officer and having a chief of staff to coordinate the actions of the general staff, such as divisions or equivalent organizations (e.g., USMC Marine Aircraft Wing and Marine Logistics Group) and separate (i.e., non-divisional) brigade level (USMC MEB) and above​.

Webinars:

• CSIAC Webinars. Cyber Security & Information Systems Information Analysis Center (CSIAC) offers free webinars on a regular basis with experts in the technical subject areas of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management/Information Sharing. This podcast series is all the webinars that have been recorded.​

Newsletters and Blogs:

• AFCEA The Cyber Edge. 
• CSIAC CS Digest​. Cyber Security & Information Systems Information Analysis Center Cybersecurity Digest 
• DHS CISA Blog.
•  Qualys
•  Bruce Schneier's Crypto-Gram​​​​​​​​​​​
• ECMCS Newsletter. Enterprise Content Management and Collaboration Services (ECMCS). Army's portion of DISA Enterprise Portal Service (DEPS).
• Focus on FedRAMP
• KrebsOnSecurity 
• Law360:  Aerospace & Defense, Cybersecurity & Privacy, Government Contracts, Public Policy, Technology
• Microsoft TechNet Security Guidance Blog 
• naked security​. Computer security news from Sophos.
• Samy Kamkar​
• TechCrunch​
• The Switch​
• WonderHowTo​
• Washington Technology Daily
• SANS Newsletters

Digital Magazines:

• ​C4ISR&Networks
• Cyber (The magazine of the MCPA)

​​Twitter Feeds:

• ARCYBER​
• U.S. Army Cyber CoE
• Army Cyber Institute​
• Ars Technica​
• CIO
• Cisco Security
• ​CISecurity
• CIAC, a DoD Information Analysis Center (IAC)
• CSO​online
• DarkReading
• Dixon Hughes Goodman LLP Government Contracting
• Department of Homeland Security (DHS)
• DIA
• DoD Issuances
• EiQ Networks
• FBI​
• Federal Times​
• FireEye​
• FishNet Security​
• Infosecurity
• integricell​
• Kaspersky Lab
• briankrebs
• Kristin Paget
• Microsoft Security
• Network World​
• NSA/CSS​
• National Cyber Security Alliance (NCSA)
• Petri IT Knowledgebase
• @S1NET1
• Qualys
• Randy Franklin Smith
• Sammy Kamkar​
• SANS Institute
• schneierblog​
• SCMagazine
• The Hacker News
• Threatpost
• Tripwire​​
• TruShield Security​
• Windows IT Pro
• Veriato

YouTube:

• Military Cyber Professionals Association (MCPA)
• Veriato (formerly SpectorSoft). User Activity Monitoring (UAM), User Behavior Analytics (UBA).

Facebook:

• Veriato

Google+

• Veriato

RSS Feeds

• TechRepublic

Podcasts

• AWS Podcast. The AWS Podcast is the definitive cloud platform podcast for developers, devops, and cloud professionals seeking the latest news and trends in storage, security, infrastructure, serverless, and more.
• Defense One. Defense One Today will provide news, analysis and ideas for national security leaders and stakeholders.

Slack

• 53List.
• DevOps Institute Community

Conferences:

• AFCEA Intelligence Community (IC) IT Day. February 28, 2019. Hyatt Regency Fairfax, Fairfax, VA.
• AFCEA Army Signal Conference. March 12-15, 2019. Waterford at Springfield, Springfield, VA.
• AFCEA NGA 2019 Spring Intelligence Symposium. March 19-20, 2019. NGA Campus East, Springfield, VA. TS/SCI/NOFORN.
• AFCEA Belvoir Days. March 21-22, 2019. Gaylord Hotel & Convention Center, National Harbor, MD.
• (ISC)2 Secure Summit DC 2019. April 23-24, 2019. Washington, DC.
• AFCEA Army IT Day. May 1, 2019. Westfields Marriot, Chantilly, VA.
• ​GEOINT 2019. June 2-5, San Antonio, TX.
• Navy Information Warfare Industry Day. June 21, 2019. NGA Campus East, Springfield, VA. Secret/NOFORN.
• AFCEA Classified Cyber Forum. June 12, 2019. Perspecta Conference Center, Chantilly, VA (ClassifiedEvent - Secret/NOFORN).
• AWS Re:Inforce 2019. June 25-26. Boston Convention and Exhibition Center, Boston, MA.
• AFCEA Army Intelligence Industry Day. June 27, 2019. NGA Campus East, Springfield, VA. Secret/NOFORN. 
• DoDIIS Worldwide 2019. August 18-21, 2019. Tampa, FL.
• Intelligence & National Security Summit. September 4-5, 2019. Gaylord Hotel & Convention Center, National Harbor, MD. 
• Intelligence & National Security Summit - Classified Day. September 12, 2019. NGA Campus East, Springfield, VA. TS/SCI/NOFORN.
• (ISC)2 Security Congress. October 28-30, Orlando, FL.

Other:

• AFCEA SIGNAL Media Resource Library 
• AFCEA Corporate Cyber Directory
• Build and Operate a Trusted DoDIN. Chart created by Cyber Security & Information Systems Information Analysis Center (CSIAC) with cybersecurity-related policies and issuances developed by the DoD Deputy CIO for Cybersecurity.
• Army Sysman - System Center Implementation and Documentation. SharePoint folder access must be requested from NETCOM G-35/SysMan Team.