Beyond Standards
Presentation Transcript


  • Standards
  • ISFO Manual
  • Threats
  • Case Study
  • Future

Baseline Standards

  • Audit Policy
  • Event Logs Configuration
  • User rights
  • Security options
  • Network, Firewall, Port protocol
  • Others

Baseline Standards

Audit Policy

  • Basic Audit versus Advanced Audit Policy

Event Logs

  • Retain old events and Automatically backup log when full

Baseline Standards

  • User Rights
    • Add workstations to domain
    • Synchronize directory service data
    • Bypass traverse checking

Baseline Standards

  • User Rights
    • Impersonate a client after authentication
    • Devices: Allow undock without having to log on

Baseline Standards

  • Security Options
    • Domain controller: Refuse machine account password changes
    • Domain controller: Allow server operators to schedule tasks

Baseline Standards

  • Networking
    • Internet Communication
      • Events.asp Links
      • Turn Off Handwriting Personalization Data Sharing
    • Power Options
      • Require a Password When a Computer Wakes
    • Network Connections
      • Route all traffic through internal network

Baseline Standards

  • Networking
    • NTP server: Configure Windows NTP client
      • localtimeserver Type
      • Set to NT5D5. (Set to NT5DS if the system is not PDC)
    • TCPIP Settings\IPv6 Transition Technologies
      • IPHTTPS Url
    • Firewall
      • Display Notification (Set to Yes)
      • Firewall log file (currently set to %windir%.log)
      • Set to

Baseline Standards

  • Networking
    • Firewall
      • IPv6 Block of UDP 3544
  • Remote Desktop Services
    • Do not use temporary folders per session should be associated with Remote Desktop Session Host\Temporary folders.
  • Search Setting
    • Search-Allow indexing of encrypted files
    • Search-Enable indexing uncached Exchange folders

Baseline Standards

  • Services
    • Remote Desktop Services crashes on refresh of GPO
    • Remote Desktop Help Session Manager (ignored on Windows 7 and Windows 2008)
    • SNMP Trap Service is SNMP Trap
    • Simple Service Discovery Protocol Discovery Service is SSDP Discovery (needed for plug and play)
    • World Wide Web Publishing Services is World Wide Web Publishing Service

Baseline Standards

  • Virtualization
    • Allow log on through Remote Desktop Services
    • Deny log on through Remote Desktop Services
      • Set to Everyone (should be Guests)
    • Virtual OS

Baseline Standards

  • Security Relevant Objects
    • SROs for NT5 (XP, 2003) but not used by NT6 (7, 2008)
      • c:\windows\system32\kdcsvc.dll
      • c:\windows\system32\msgina.dll
      • c:\windows\system32\ntbackup.exe
      • c:\windows\system32\ntdsa.dll
      • c:\windows\system32\ntdsatq.dll
      • c:\windows\system32\regedit.exe
      • c:\windows\system32\rshx32.exe
      • c:\windows\syswow64\rshx32.exe
      • c:\windows\syswow64\spool\printers

Baseline Standards

Difference in baseline between NT5 and NT6

  • NT5 Audit: Shut down system immediately is Enabled.
  • NT6 Audit: Shut down system immediately is Undefined.
  • NT5 Restrict CD-ROM access to locally logged-on user only is Enabled.
  • NT6 Restrict CD-ROM access to locally logged-on user only is Disabled.

Baseline Standards

  • Others
    • Difference in baseline between NT5 and NT6
    • NT5 Interactive logon: Number of previous logons to cache is 0
    • NT6 Interactive logon: Number of previous logons to cache is 2 logons or less
    • NT5 Shutdown: Clear virtual memory page file is Enabled
    • NT6 Shutdown: Clear virtual memory page file is Disabled
    • NT6: Every administrative action requires authentication

ODAA Process Manual

ODAA Process Manual v3.2, November 15, 2013

Summary of Changes

ODAA Process Manual

Aligned under National Institute of Standards and Technology (NIST) 800-53 Controls

ODAA Process Manual

C&A Documentation Process Divided into Three Categories

  • Management Controls, 3.0
  • Operational Controls, 4.0
  • Technical Controls, 6.0
ODAA Process Manual

NIST 800-53 Control Mapping 10.0 (page 86)

ODAA Process Manual

Publication date: November 15, 2013

Effective date: May 15, 2014

ODAA Process Manual

Removable Media Restrictions 4.7.2 (p. 51)

  • Write ability will be restricted to people designated and briefed by ISSM.
  • The default will be to disable write ability for all forms of removable media.
ODAA Process Manual
  • SIPRNet Section 9.0 (pp. 81-84)
  • Command Cyber Readiness Inspections (CCRI)
  • NISP SIPRNet Circuit Acquisition Process
ODAA Process Manual

Defense Industrial Base Cyber Security Accreditation Process (DIBNet) 9.2

Use to report cyber security incidents

ODAA Process Manual

Self-Certification Requirements (p.32)

  • Introduction to NISP C&A Process
  • NISP C&A Process: A Walk-Through
  • Technical Implementation of C&A
ODAA Process Manual

Logon Banner (pp 68-70)

  • NISPOM compliant systems (p. 69)
  • DoD Warning Banner for SIPRNet (p. 70)
ODAA Process Manual

Other Items:

But nothing really new

ODAA Process Manual

Examples of reasons to deny an IATO:

  • Missing or incomplete UID
  • ISSM did not sign the IS Security Package Statement
  • Missing H/W List – S/W List – Configuration Diagram
  • Physical security not adequately explained
ODAA Process Manual

Examples of reasons to deny an IATO:

  • No signed DSS Form 147 – for Closed Area
  • No Certification Test Guide Results provided
  • Missing letter from GCA if variances are needed
  • Identification and authentication not fully addressed
ODAA Process Manual

Periods Processing (p. 19)

Clearing can be used to overwrite HD for reuse at same or higher level.

Not for TS

ODAA Process Manual

Sanitizing 4.4.2 (pp 41-43)

  • Spills can be cleaned up by overwriting
  • Get GCA approval prior to or after incident
  • If GCA does not respond after 30 days assume approved
  • GCA may require destruction
ODAA Process Manual

Incident Response Plan 4.5.2

  • The contractor shall develop an incident response plan.
  • Distribute copies of the incident response plan to appropriate incident response personnel.
  • The incident response plan shall be reviewed and revised when appropriate to ensure accuracy.
ODAA Process Manual

Classified Spill Cleanup Procedures 4.5.3

  • Coordination with sender / receiver / data owner
  • Wiping Utility Instructions 4.5.4 (p. 45)
  • Reporting (NISPOM 1-303)
ODAA Process Manual

Trusted Download 4.7.4

Alternate Trusted Download procedures need letterhead memo signed by data owner or GCA. (p. 53)

ODAA Process Manual
  • Weekly Audits 6.7.1 (p. 71-72)
    • Audits need to be done at least weekly
    • “At least weekly” means once per calendar week

Threats

  • Cyber Threat
  • Insider Threat

Insider:

Any person with authorized access to any United States Government resource to include personnel, facilities, information, equipment, networks, or systems.

Insider Threat:

The threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of resources or capabilities.



Insider Threat mitigation has become an urgent requirement for DoD agencies

  • Presidential Memorandum and Executive Order (EO) 13587
    • Created steering committee
    • Executive Agent for Safeguarding Classified Info on Networks
    • National Insider Threat Task Force
      • Produce national policy, standards
      • Provide assistance and assessments to departments/agencies
  • EO 10450, Security Requirements for Government Employment
    • Authority to investigate any information that comes to its attention that indicates retaining any officer or employee of the agency may not be consistent with national security interests
    • Provides authority to conduct inquiries both prior to an actual hiring and after an individual has been hired by the agency

“In the wake of an unprecedented document dump that is straining U.S. diplomatic relations in some corners of the world, the administration ordered agencies last month to ensure that unauthorized employees do not get access to sensitive or classified information.”



(not all-inclusive)

  • Excessive and abnormal intranet browsing, beyond the individual's duties and responsibilities, of internal file servers or other networked system contents
  • Attempts to obtain classified or sensitive information by an individual not authorized to receive such information
  • Unauthorized copying, printing, faxing, e-mailing, or transmitting classified material
  • Contact with an individual who is known or suspected of being associated with a foreign intelligence or security organization
  • Hacking or cracking activities, social engineering, electronic elicitation, e-mail spoofing or spear phishing
Case Study

What would you do?

Questions ?
  • Contact DSS….