NFARS prepares for upcoming Command Cyber Readiness Inspection
By Staff Sgt. Matthew Burke, 914th Airlift Wing Public Affairs
/ Published October 29, 2015
NIAGARA FALLS AIR RESERVE STATION, N.Y. --
Members of the Defense Information Systems Agency (DISA) will be visiting the base from Nov. 2-6, 2015, to conduct a Command Cyber Readiness Inspection (CCRI).
Inspectors will assess the installation's compliance with DOD Information Assurance policies as well as traditional and physical security standards. Additionally, inspectors will ensure the base's cyber security posture for the network and information systems is doing its part to make the cyber domain a safe place to perform the mission.
"Every interaction a person has with the network creates a risk," said Gary Broderick, Wing Information Systems Security Manager, 914th Communications Squadron. "We try to teach and inform personnel to mitigate those risks, as best as possible, by following good security practices."
The goal of the CCRI is to validate that NFARS's network configuration, status of our authority to connect and the security readiness of the base meets or exceeds DOD standards. Inspectors will also confirm that classified and sensitive information created, transmitted, and stored is protected from unauthorized disclosure.
The primary focus of the inspection will be centered on the 914 CS and the network facilities that house critical components and classified systems. However, all base personnel will be instrumental in guaranteeing a satisfactory inspection. Users are encouraged to practice routine security procedures to prevent unauthorized access to the network.
"Many times it's something as simple as removing your CAC (common access card) from the computer, when you leave your work station," said Broderick.
Below are a list of tips users should keep in mind to ensure their computers, information and workstation areas are secure:
· Know your Unit Security Managers and your Information Assurance Officers
· Lock computers and remove common access cards when leaving the system unattended
· Never leave a classified computer unattended unless it's in an area formally approved for open storage of classified information
· Never open e-mail attachments from unknown senders
· Never share your passwords or PIN with anyone
· Never connect any cellular phone, i-Pad, or BlackBerry device to your computer via USB
· Protect Personally Identifiable Information (PII) data by encrypting e-mail and files
· Report spam and scams to your unit Information Assurance Officer; do not forward them
· Always secure your office area when empty and departing at the end of the day
· Challenge anyone in your areas that you do not recognize; find out why they are there and determine the reason is legitimate; report suspicious personnel to your unit security manager
· Ensure positive access control procedures are followed at all times; control the movement of visitors in your areas and facilities; provide escorts when necessary
· Report suspicious requests for information to your unit security manager or supervisor
The 914 CS has been working hard to ensure the base network is configured properly, is secure and is compliant with DOD policies and directives.
"Unfortunately, this isn't a find-and-fix inspection," said Broderick. "If DISA finds a discrepancy we'll take the hit and it will affect network access until we can rectify the issue."
During the inspection, organizations that process and store classified information can expect a visit from the CCRI team; 100% of all classified processing areas will be reviewed. CCRI personnel could also visit locations across NFARS to attempt to solicit sensitive information like user names and passwords, PII, and other items. They may even try to gain access to classified information or attempt to gain unauthorized entrance to controlled areas. Personnel must remain vigilant to prevent such access, and immediately report such attempts to the chain of command.
"The best advice I can give Wing members is to practice 'Clean Desk Policy,'" said Broderick. "Nothing on your desk, including personal devices and various forms of media, remove your CAC cards when you leave, and ensure your workspace is free of sensitive paperwork."
For more information about the CCRI, please call the 914th Communications Squadron Help Desk at x3310.