Description
Required Source Information and Tools
Web References: Links to Web references in this document and related materials are subject to change without prior notice.
The following tools and resources will be needed to complete this project:
- Course textbook
- Internet access
- DoD instructions or directives: http://www.dtic.mil/whs/directives/
- Risk Management Framework (RMF) for Department of Defense Information Technology (IT): http://www.dtic.mil/whs/directives/corres/pdf/8510... and http://www.rmf.org/images/stories/rmf_documents/85...
- Department of Defense Information Security Program: http://www.fas.org/irp/doddir/dod/5200-1r/
- Department of Defense Internet Services and Internet-Based Capabilities: http://www.dtic.mil/whs/directives/corres/pdf/8550...
- Department of Defense Proposes New Information Security Requirements for Contractors: http://www.hldataprotection.com/2010/03/articles/c...
- School/public library (optional)
- 12 servers running Microsoft Server 2012 R2, providing the following:
- Active Directory (AD)
- Domain Name System (DNS)
- Dynamic Host Configuration Protocol (DHCP)
- Enterprise Resource Planning (ERP) application (Oracle)
- A Research and Development (R&D) Engineering network segment for testing, separate from the production environment
- Microsoft Exchange Server for e-mail
- Symantec e-mail filter
- Websense for Internet use
- Two Linux servers running Apache Server to host your Web site
- 390 PCs/laptops running Microsoft Windows 7 or Windows 8, Microsoft Office 2013, Microsoft Visio, Microsoft Project, and Adobe Reader
- Select a team leader for your project group.
- Hold weekly team meetings as a group and/or with your instructor to be sure your team is proceeding correctly.
- Create policies that are DoD compliant for the organization’s IT infrastructure.
- Develop a list of compliance laws required for DoD contracts.
- List controls placed on domains in the IT infrastructure.
- List required standards for all devices, categorized by IT domain.
- Develop a deployment plan for implementation of these policies, standards, and controls.
- List all applicable DoD frameworks in the final delivery document.
- Write a professional report that includes all of the above content-related items.
Deliverables
Project Checkpoints
The course project has a checkpoint strategy. Checkpoint deliverables allow you to receive valuable feedback on your interim work. In this project, you have several ungraded checkpoint deliverables. (See the course Syllabus for the schedule.)
You may discuss project questions with the instructor, and you should receive feedback from the instructor on previously submitted work. Checkpoint deliverables ensure refinement of the final deliverables, if incorporated effectively. The final deliverable for this project is a professional report.
Checkpoint | Expected Deliverables |
4 | Submit a bulleted list of DoD-compliant policies, standards, and controls that affect the WAN, Remote Access, and System/Application Domains. |
Scenario
You work for a high-tech company with approximately 390 employees. Your firm recently won a large DoD contract, which will add 30% to the revenue of your organization. It is a high-priority, high-visibility project. You will be allowed to make your own budget, project timeline, and tollgate decisions.
This course project will require you to form a team of 2 to 3 coworkers (fellow students) and develop the proper DoD security policies required to meet DoD standards for delivery of technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency. To do this, you must develop DoD-approved policies and standards for your IT infrastructure (see the “Tasks” section below). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies or controls in place.
Explanation & Answer
Attached. Please let me know if you have any questions or need revisions.
DoD-Compliant Policies, Standards, and Controls
Introduction
Policies that are DoD agreeable for the association's IT framework
The standard is given under the authority of the DoD, which has different sorts of
strategies. These are:
General organization strategy
The DoD should ensure the mystery of the touchy data during capacity, preparing, and
transmission. The DoD would be conceded the admittance to the organizations that are relied
upon the obligation necessities and the need to get to the sources. The DoD has the standard
strategy that neither affirms nor prevents the receipt from getting the grumbling or whether the
examination is underway. On the off chance that the examination is the dispatch for this
situation, it might want to tumble to the authoritative examination office of IG.
The rules given in this report are relying upon the strategy for the organization's norms.
There are adhering to standard:
Deployment plan
This will reissue and rename DoD guidance 8510.01. This will carry out through
building up the RMF for DoD IT, setting up related network safety strategy, and dole out duties
regarding executing and keeping up the RMF. Redesignates the DIACAP specialized warning
gathering as the RMF TAG. It coordinates permeability of approval documentation and reuse of
the curios between and among DoD parts convey and get DoD IT. This will give the procedural
direction for the corresponding acknowledgment of the choices of power and ancient rarities in
the DoD and between the DoD and other organization of government.
WAN Domain Policies
We will implement a private WAN which will be working for our company to interface
workplaces in conjunction with the DoD. These kinds of WANs are developed utilizing
committed rented lines, satellites, and additionally microwave interchanges. Subsequently, this
present space's principles will in general lead to zero in essentially on the WAN form output and
supporting parts. Our company will have few WAN-explicit guidelines or approaches to
implement the policies of DoD.
Control Standards
The WAN-explicit principles will address WAN administration, Domain Name Services
(DNS), switch security, conventions, and Web administrations. The principles may get down on
explicit security necessities for WAN gadgets like switches, switches, and remote devices. A
WAN controls standard will incorporate the accompanying statements: The IS office will
endorse all passageways to the WAN for us. The IS office will give our company the WAN
admittance. The IS division will support all WAN-related location changes and configurations.
The 390 employees of our company will interface with the DoD should initially consent to an
arrangement to keep the prerequisites illustrated in the WAN Security Standard...