Friday, January 4, 2019

COMMAND CYBER READINESS INSPECTION (CCRI) PROGRAM


The Command Cyber Readiness Inspection (CCRI) increases accountability and improves the overall security posture of the Department of Defense Information Network (DoDIN). It is mandated by Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 6211.02D and Department of Defense Instruction (DoDI) 8500.2, IA Implementation. Results of the CCRI are reported to USCYBERCOM and to the appropriate DoDIN Connection Approval Office.
Reviewed the Command Cyber Readiness Inspection (CCRI) preparation documents provided by the RNEC-NCR.
- CCRI Scoring (12.8 16JAN 18). Scoring is broken out into: Technical 60%, Computer Network Defense (CND) Directives 30%, Contributing Factors (culture, capability, conduct) 10%. CND Directives identified are: CTO 07-015 PKI Phase II (NIPR only), TASKORD 12-0823 (SIPRNet PKI only), TASKORD 16-0080 (HBSS/EPS), TASKORD 13-0651 Insider Threat. Each component within the three areas is assigned a weight (1-4). Breakout is as follows:
  - Technology Areas:
    - Boundary Security: 3
    - Internal Network: 3
    - Vulnerability Scan: 4
    - DNS: 3
    - HBSS: 4
    - Traditional Security: 4
    - CDS: 4
    - Administrative CDS: 2
    - Mobility: 2
    - Releasable (REL): 2
    - Web Server: 3
    - Database: 3
    - Exchange: 2
    - Video and Voice Over IP (VVOIP): 1
    - Other (Windows OS, Unix OS, etc.): 1
  - USCYBERCOM CND Directives:
    - CTO 07-015 PKI Phase II (NIPR): 3
    - TASKORD 12-0863 SIPR PKI: 3
    - CTO 08-005/TASKORD 13-0670: 3
    - OPORD 16-0080: 4
    - TASKORD 13-0651: 2
  - The scanning technology area is scored based on the average number of findings per host.
  - Non-scanning technology areas are scored based on the percentage of open findings to potential findings.
  - Concern Indicator (scale 0-5) is based on open findings using a weighted average: Critical (5), Moderate (3), Minor (1), Minimal Concern (0.5), No Concern (0). It appears that the weight of findings is: Critical and High (10), Medium (4), Low (1). For the scanning technology area (ACAS) the Concern Indicator is: 0 No Concern, >0 Minimal, >0 Minor, <=2.5 Moderate, >=3.5 Critical. For the non-scanning areas (e.g. manual STIG or SRG checks), the Concern Indicator is: 0% No Concern, >0% Minimal, >0% Minor, >10% Moderate, >20% Critical.
  - Use the "2CCRI Phase IV Grading Criteria Worksheet V1R4 31OCT17" to grade the CCRI. See the "Overall Grade" worksheet for the score.
  - A score of 70% or worse is an unacceptable grade. If the score is below 70%, the Risk Indicator is automatically adjusted to High Risk.
- USCYBERCOM OPORD 16-0080 Endpoint Security Compliance Inspection Procedures, Version 2 Revision 11, Current as of 22 August 2018. Covers HBSS ePO version and components (McAfee Agent (MA) Extension, Operational Attributes Manager (OAM), ArcSight Connector, Enhanced Reporting, Rollup Extender, OAM (Operational Attributes Module) Rollup, Asset Publishing Service (APS), Point Product Deployment, identification of whitelisted systems, McAfee Agent, Host Intrusion Prevention System (HIPS), Policy Auditor (PA), Device Control Module (DCM/DLP), Asset Configuration Control Module (ACCM), Antivirus (AV), client module configuration, HIPS IPS, HIPS firewall, antivirus configuration, PA configuration, COOP configuration (SIPRNet only), DCP/DCM configuration, Rogue System Detection (RSD), rollup reporting, rollup reporting for ePO servers, APS publishing to CMRS daily, ArcSight connector configuration, HBSS training, personnel trained). Use the spreadsheet "JFHQ-DODIN_CCRI EndPoint Security OPORD 16-0080 Compliance Worksheet" for the assessment.
- CCRI Computer Network Defense (CND) Directive Guide, Version 12 Revision 12, Current as of 16 February 2018. Covers specific checks per: CTO 07-015 PKI Phase II (NIPR only), TASKORD 12-0823 (SIPRNet PKI only), TASKORD 16-0080 (HBSS/EPS), TASKORD 13-0651 Insider Threat.
- CCRI Risk Indicator Guide, Version 1, Revision 5, Current as of 13 August 2018. This document is based on NIST SP 800-30 rev 1, Guide for Conducting Risk Assessments. The Risk Indicator is part of the final CCRI Compliance Report; however, it is not a factor in determining the final CCRI grade or score. Based upon results from the Technology reviews, CND Directives compliance, Contributing Factors evaluation and personal observations, CCRI Team Leads (TL) provide a Risk Indicator score as part of the CCRI compliance report. As such, this document is a guide to properly completing the Risk Indicator worksheet in the nSpect tool. Many of the items assessed/scored per this document are redundant with the CCRI findings (CCRI Scoring). Items reviewed include: Traditional and Network Security STIG, antivirus definitions, HBSS (broken out into ePO and endpoint protection components), COOP, Computer Network Defense Service Provider (CNDSP) alignment and relationship, cybersecurity practices and information assurance awareness, dated CAT I findings, cross domain solutions (CDS), Operational Readiness Inspections (ORI) and Exercises (ORE), target value for threat vectors, presence of vulnerable program-managed systems, presence of end-of-life systems, port security, configuration management.
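To make the scoring arithmetic in the notes above concrete, here is an added Python illustration; it is not the official grading worksheet or any tool named in the notes. It assumes that each area and directive yields a 0-100 compliance score and that the listed 1-4 weights combine as a weighted average (neither is stated in the notes); the weights, the 60/30/10 split and the 70% High Risk rule are the ones listed above.

```python
# Added illustration of the CCRI score blend described in the notes; not the
# official grading worksheet. Assumptions (not stated in the notes): each area
# produces a 0-100 compliance score, areas combine by weighted average using
# the listed 1-4 weights, and Contributing Factors is a single 0-100 value.

# Technology-area weights as listed in the notes
TECH_WEIGHTS = {
    "Boundary Security": 3, "Internal Network": 3, "Vulnerability Scan": 4,
    "DNS": 3, "HBSS": 4, "Traditional Security": 4, "CDS": 4,
    "Administrative CDS": 2, "Mobility": 2, "Releasable (REL)": 2,
    "Web Server": 3, "Database": 3, "Exchange": 2, "VVOIP": 1, "Other": 1,
}
# USCYBERCOM CND directive weights as listed in the notes
CND_WEIGHTS = {
    "CTO 07-015": 3, "TASKORD 12-0863": 3, "CTO 08-005/TASKORD 13-0670": 3,
    "OPORD 16-0080": 4, "TASKORD 13-0651": 2,
}


def weighted_average(scores, weights):
    """Weighted average of 0-100 scores; areas not in scope are simply omitted."""
    in_scope = {area: s for area, s in scores.items() if area in weights}
    total_weight = sum(weights[area] for area in in_scope)
    return sum(s * weights[area] for area, s in in_scope.items()) / total_weight


def findings_per_host(findings_by_host):
    """Scanning-area metric from the notes: average open findings per host.
    Note the denominator: the metric measures density, not the total count."""
    return sum(findings_by_host.values()) / len(findings_by_host)


def open_percentage(open_findings, potential_findings):
    """Non-scanning metric from the notes: open findings as a % of potential."""
    return 100.0 * open_findings / potential_findings


def overall_grade(technical, cnd, contributing):
    """60/30/10 blend from the notes; below 70% the Risk Indicator is High Risk."""
    score = 0.6 * technical + 0.3 * cnd + 0.1 * contributing
    return round(score, 1), ("High Risk" if score < 70 else None)


if __name__ == "__main__":
    # Constructed sample: a site that is clean everywhere except the two
    # weight-4 areas (Vulnerability Scan, HBSS) and the matching HBSS directive.
    tech = {a: 100 for a in ("Boundary Security", "Internal Network", "DNS",
                             "Traditional Security", "Web Server", "Database", "Other")}
    tech.update({"Vulnerability Scan": 40, "HBSS": 50})
    cnd = {d: 100 for d in CND_WEIGHTS}
    cnd["OPORD 16-0080"] = 50
    t, c = weighted_average(tech, TECH_WEIGHTS), weighted_average(cnd, CND_WEIGHTS)
    print(f"technical={t:.1f} cnd={c:.1f} overall={overall_grade(t, c, 90)}")
```

Under these assumptions a weight-4 area such as Vulnerability Scan or HBSS moves the technical score four times as much as a weight-1 area such as VVOIP, which is where preparation effort pays off most.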
