DoD Patch Repository Aims to Shorten the Inventory Management Process
DoD military and civilian employees can access this site to download antivirus software for home use, potentially decreasing the risk of malicious logic entering DoD networks at work.
The Army Communications-Electronics Command Software Engineering Center recently unveiled the CECOM patch repository, which provides updates and cyber patches for Soldier-centric C5ISR systems in one convenient place. Consolidating several web locations into this single spot should make inventory management simpler.
Antivirus Software License Agreement
DOD has taken an important step to protect Army command, control, communications, computers, cyber, intelligence, surveillance and reconnaissance (C5ISR) systems, Soldiers' eyes and ears on the battlefield, from cyber threats. On Oct. 1, the Army Communications-Electronics Command Software Engineering Center launched a central online repository that consolidates updates and patches for over 70 C5ISR systems, previously spread across multiple systems and web locations, into one accessible website, making patch updates and downloads simpler than ever.
This repository is open only to active DOD military and civilian personnel and is available on their home computers, thereby helping minimize the risk of employees bringing malicious logic from work onto personal systems and ultimately compromising DOD networks. McAfee anti-virus and security software is available for download for PC and Mac systems. Contractor personnel are not permitted to use it at home.
You agree to abide by and comply with the terms of this Agreement in order to use the Software, including paying any associated fees for additional services and functions that it may contain, as well as covering any data transfer costs incurred while accessing and using it.
F-Secure reserves the right to make modifications to these Terms at any time without prior notification to you, taking effect for both current and future uses of its Software. Should any change prove unacceptable to you, you may end this Agreement simply by discontinuing usage.
This Agreement grants you a license for up to the maximum number of Devices allowed by your purchase or transaction documentation from F-Secure or its distributor. It does not constitute the sale of Software or rights therein; furthermore, you cannot transfer or use more than one copy at once; any copies made for backup purposes shall remain under your sole responsibility.
Security Technical Implementation Guides (STIGs)
Security Technical Implementation Guides, or STIGs, are configuration standards for the Defense Department's information networks that help reduce vulnerabilities by decreasing attack surfaces. These guidelines have been tailored specifically for DOD systems spanning cloud, mobility and operating system components. STIGs are widely used by both government agencies and private organizations.
Each Security Technical Implementation Guide (STIG) contains requirements and instructions for protecting a product. These requirements are organized by severity. Category I vulnerabilities pose the highest risk, possibly leading to loss of confidentiality, availability or integrity, and even allowing unauthorized access to classified data or facilities, as well as mission failure. Category II vulnerabilities pose less severe threats, such as denial of service attacks or delays in recovering from outages.
Federal IT teams frequently face the daunting challenge of identifying and fixing code vulnerabilities before hackers exploit them, which can be time-consuming and laborious. Tools exist that automate this task to make compliance with cybersecurity requirements simpler for federal IT staff. Such tools scan code bases for vulnerabilities and then prioritize the findings for review by the team.
CIS offers many resources that can help you begin this process, including its free online tool called the CIS Compliance Checker. This simple, straightforward tool makes it easy to assess compliance with the various security benchmarks of the Center for Internet Security. You can also assign user roles and track compliance and changes over time. Additionally, the open-source PowerSTIG project enables creating Desired State Configurations that follow STIG guidelines; it can assess multiple systems at once and is compatible with both Windows and Linux environments.
System Requirements Guides (SRGs)
The Defense Information Systems Agency (DISA) maintains the Security Reference Group (SRG). This baseline allows DoD to evaluate commercial cloud service offerings (CSOs) to determine whether they meet DoD security requirements and whether to grant provisional authorizations allowing them to host DoD missions. The SRG is designed to adhere to NIST SP 800-171, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations," while also including FedRAMP moderate for all information impact levels. Kreigline noted that the SRG was created by dissecting high-level policy frameworks into operationally implementable guides for specific technologies, which include tools for mitigating insider threats, restricting applications and preventing lateral movement.
Cyber Discipline Plan
Cybersecurity discipline encompasses practices such as strong authentication and device hardening that reduce an adversary's ability to move freely within DoD information networks. Together with cybersecurity culture and compliance measures, this forms part of DoD's anti-threat strategy. Recently, DoD updated and publicly released its Cyber Discipline Plan so contractors could gain insight into which hygiene practices DoD units must implement. Additionally, two reports provide updates regarding cyber information for leadership review.