Why it matters The U. Part 3 of this tutorial overview of cybersecurity focuses on the U. There are two levels of SGR, core more conceptual and technology. Highlighting some of these changes: As outlined in CNSSI, preserving the three discrete components, rather than using the HWM, provides granularity in allocating security controls to baselines and reduces the need for subsequent tailoring. Determining the impact ddod for all information types interacting with the IS and for the IS itself. Levels handle increasingly controlled unclassified information.
|Published (Last):||18 August 2010|
Department of Defense Instruction The basic tenets are similar to other industry and governmental regulations such as NIST Within While Oftentimes this leaves it up to the discretion of the Information Assurance managers to make sure they implement the proper people, processes, and technologies for each of the controls. Of particular interest to our customers are the requirements in Specifically ECAT states, "Audit trail records from all available sources are regularly reviewed for indications of inappropriate or unusual activity."
Or does it mean that someone needs to sit in front of a screen all day watching log events scroll up the screen? What To review audit log data requires an automated capability that collects the audit data, analyzes it, correlates it, and then provides alerts when it detects suspicious activity. Once we understand the components necessary to meet this specific requirement, the next step is understanding how to utilize people, process and technology.
In particular, ECAT states that events need to be reviewed for "indications of inappropriate or unusual activity." This is because every network is different, reflecting the variances of each organizational mission. One particular DoD organization may support a mission that requires the transfer of large media files; another may support a medical mission; and yet another may support a tactical program.
However, there are some common threads across all environments that IAMs can look for in an effort to identify any unusual activity.
DoD Instruction 8500.2, Information Assurance (IA) Implementation