Draft Report: Infrastructure Research

Introduction

This report explains the rules and controls that Blue Stripe Tech will follow for its new contract with the U.S. Air Force Cyber Security Center (AFCSC). It focuses on the User, Workstation, LAN, and LAN-to-WAN Domains within Blue Stripe Tech's IT setup.

Policy Frameworks

- NIST Cybersecurity Framework (CSF): This framework helps manage cybersecurity risks. It includes five main parts: Identify, Protect, Detect, Respond, and Recover. Blue Stripe Tech will use this framework to guide the creation and use of security policies and procedures.
- Risk Management Framework (RMF): The RMF is used by the DoD to integrate security and risk management into the system's development process. It focuses …
- Security Awareness Training Policy: This policy requires regular training sessions for all employees on cybersecurity best practices, phishing awareness, and recognizing security threats.

Standards:
- Multi-Factor Authentication (MFA): MFA is required for accessing critical systems and sensitive data.
- Role-Based Access Control (RBAC): Users can access the information and systems needed for their roles.

Controls:
- User Account Management: Regular checks of user accounts to ensure they follow access control policies.
- Security Training Programs: Ongoing training and awareness programs for employees based on their roles and responsibilities.

Workstation Domain

Policies:
- Endpoint Protection Policy: Specifies the use of anti-virus software, endpoint detection and response (EDR) tools, and encryption for all workstations.
- Patch Management Policy: Requires regular updates and patches for all operating systems and software.

Standards:
- Encryption Standards: All sensitive data on workstations must be encrypted using strong encryption methods like AES-256.
- Configuration Management: Following CIS benchmarks to secure Windows 10 workstations.

…
- Network Segmentation: Use VLANs to split the network, keeping sensitive areas separate from general traffic.

LAN-to-WAN Domain

Policies:
- Secure Communication Policy: Mandates using secure communication protocols for data transmission between LAN and WAN.
- Web Security Policy: Specifies using secure web gateways, URL filtering, and monitoring web traffic to prevent data breaches and malware infections.

Standards:
- VPN Standards: Use VPNs with strong encryption (e.g., AES-256) for secure remote access.
- TLS/SSL Standards: Implementing TLS/SSL to secure data in transit between LAN and WAN.

Controls:
- Virtual Private Networks (VPNs): Deploying VPNs for secure remote access to the network for authorized users.
- Secure Web Gateways: Implementing secure web gateways to monitor and filter web traffic, preventing access to harmful websites, and controlling data leaks.

Conclusion

This draft outlines the policy frameworks and DoD-compliant policies, standards, and controls that Blue Stripe Tech will follow to meet the requirements of the U.S. Air Force Cyber Security Center. By following the NIST CSF and RMF frameworks and implementing the specified policies and controls, Blue Stripe Tech will ensure a strong and compliant IT