Category Archives: DIARMF

Main category of the DIARMF blog.

DIACAP Compliance Engineer and Information Assurance Lead Jobs (risk management framework)

I get people contacting me every week about jobs all around the US! Today, I am going to show you a couple that I received recently. I hope that it will give you some idea of what employers and contracts look for in security compliance professionals.

Title: Information Assurance Lead
Location: Aberdeen, MD
Client: Federal
Duration: Full Time

8251 Greensboro Drive, 9th Floor
McLean VA 22102
yogeshk@etalentnetwork.com
Office: (877) 715-3865 Ext.328

Job position for DIACAP Compliance Engineer at Tarrytown, NY

Role: DIACAP Compliance Engineer
Location: Tarrytown, NY
Duration: 6+ months

Keywords: STIG, TFS, DevOps, Windows Imaging WIX, MSI, PowerShell, Anti-Virus, Whitelisting

Job Description:
Background
The Source Code Management (SCM) & DevOps team (Infrastructure Team) manages the entire continuous integration and continuous development chain of a global engineering conglomerate.
The application is developed using Microsoft technology (C#, C++, WPF, MVVM and custom controls) on the Windows 7 platform. The backbone of the entire SCM is Microsoft TFS, while the packaging strategy uses MSI and WiX. The current build management is driven by customized XAML with PowerShell. The plan is now to move to vNext, which provides flexibility as an orchestrator and allows better reporting, triggering and logging.
The goal of this team is to make the entire infrastructure compliant with DIACAP (the DoD Information Assurance Certification and Accreditation Process).

Expectations – The team is looking for engineers who can augment the current team and support the following tasks.
This means the identified engineer needs experience in the DIACAP process (not just knowledge) on how the system could be transformed into a DIACAP compliant system.
• Experienced in the Security Technical Implementation Guide (STIG) that provides security guidance for .NET deployments on workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR).
• Identify loopholes and open items in the IIS 7.0 Web Server to ensure that IIS 7.0 becomes STIG compliant, so that request handling and filtering are done in a controlled manner and encryption is applied to protocols or data exchange for HTTP, FTP or telnet, and similar tasks.
• Ensure the basic requirements of the McAfee VirusScan 8.8 Managed Client STIG, which strongly recommends that antivirus monitoring run 24*7 with no possibility of those services being stopped, and that antivirus signature files be available almost every day.
• Ensure security enablement in the Microsoft Internet Explorer 11 client used on Windows 7 workstations, such as script execution and popup restrictions as needed and blocking of unsigned ActiveX controls.
• Experience in interpreting STIG scans that report results on a periodic basis.
• Experience in adding checks and controls to the build management system that automate scans to ensure STIG compliance.

Soft Skills
• Good team player
• Good written and verbal communication skills
• Customer-facing experience would be an added advantage

Pradyut Bhattacharya
Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: 630-214-9485
E-Mail: pradyut@enterprisesolutioninc.com
Gmail: pradyut10.esi@gmail.com
www.enterprisesolutioninc.com

NIST 800 37 Revision 2 – RMF for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

Download the presentation in this video and learn more here:

http://securitycompliance.thinktific.com

This is an overview of NIST SP 800-37 Revision 2. I discuss the changes, their sources, and the Cybersecurity Framework.

NIST Special Publication 800-37, Revision 2
Risk Management Framework for Security and Privacy
Initial Public Draft: May 2018
Final Public Draft: July 2018
Final Publication: October 2018

NIST SP 800-37 Rev 2:
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf

Executive Order:
https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/

OMB:
https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2017/M-17-25.pdf

Cybersecurity Framework:
https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

NIST SP 800-53 (Revision 5):
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination

STIG Update – DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks

DISA has released the following updated Security Guidance, Security Readiness Review Scripts and Benchmarks:

Unclassified SRGs: http://iase.disa.mil/stigs/Pages/a-z.aspx
Network Device Management SRG – Ver 2, Rel 12
Voice Video Endpoint SRG – Ver 1, Rel 6

Unclassified Application STIGs: http://iase.disa.mil/stigs/app-security/Pages/index.aspx
Apache 2.2 STIG Windows – Ver 1, Rel 12
Apache 2.2 STIG UNIX – Ver 1, Rel 9
Application Security and Development STIG – Ver 4, Rel 4
Google Chrome Browser STIG – Ver 1, Rel 10
IIS 7.0 STIG – Ver 1, Rel 15
McAfee Virus Scan Enterprise for Linux 1.2x/2.0x Managed Client STIG – Ver 1, Rel 3
Microsoft Excel 2016 STIG – Ver 1, Rel 2
Microsoft Outlook 2013 STIG – Ver 1, Rel 11
Oracle HTTP Server 12.1.3 STIG – Ver 1, Rel 2
Oracle JRE 8 UNIX STIG – Ver 1, Rel 3
Oracle WebLogic Server 12c STIG – Ver 1, Rel 3

Unclassified Mobility STIG: http://iase.disa.mil/stigs/mobility/Pages/index.aspx
Microsoft Windows 10 Mobile STIG – Ver 1, Rel 3

Unclassified Network STIGs and Overviews: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
Cisco IOS XE Release 3 Router Overview – Ver 1, Rel 3
Cisco IOS XE Release 3 NDM STIG – Ver 1, Rel 3
DNS Policy STIG – Ver 4, Rel 1.21
IBM DataPower NDM STIG – Ver 1, Rel 2
IPSEC VPN Gateway STIG – Ver 1, Rel 13
Juniper SRX Services Gateway (SG) Virtual Private Network (VPN) STIG – Ver 1, Rel 2
Network Firewall STIG – Ver 8, Rel 24
Network Infrastructure Policy STIG – Ver 9, Rel 4
Network Infrastructure Router L3 Switch STIG – Ver 8, Rel 24
Network L2 Switch STIG – Ver 8, Rel 22
Network Perimeter Router L3 Switch STIG – Ver 8, Rel 27
Removable Storage STIG – Ver 1, Rel 7

Unclassified HBSS STIGs: https://iase.disa.mil/stigs/hbss/Pages/index.aspx
McAfee Application Control STIG – Ver 1, Rel 2

Unclassified Operating System STIGs: http://iase.disa.mil/stigs/os/Pages/index.aspx
AIX 6.1 STIG – Ver 1, Rel 11
HP-UX 11.31 Manual STIG – Ver 1, Rel 15
IBM Hardware Management Console (HMC) STIG – Ver 1, Rel 5
Microsoft Windows 2008 DC STIG – Ver 6, Rel 38
Microsoft Windows 2008 MS STIG – Ver 6, Rel 38
Microsoft Windows 2008 R2 DC STIG – Ver 1, Rel 24
Microsoft Windows 2008 R2 MS STIG – Ver 1, Rel 24
Microsoft Windows 2012 and 2012 R2 DC STIG – Ver 2, Rel 10
Microsoft Windows 2012 and 2012 R2 MS STIG – Ver 2, Rel 10
Microsoft Windows 7 STIG – Ver 1, Rel 28
Microsoft Windows 8/8.1 STIG – Ver 1, Rel 19
Oracle Linux 6 Manual STIG – Ver 1, Rel 11
Red Hat 6 STIG – Ver 1, Rel 17
Red Hat 7 STIG – Ver 1, Rel 3
Solaris 10 SPARC Manual STIG – Ver 1, Rel 20
Solaris 10 x86 Manual STIG – Ver 1, Rel 20
Solaris 11 SPARC Manual STIG – Ver 1, Rel 13
Solaris 11 x86 Manual STIG – Ver 1, Rel 13
SUSE Linux Enterprise Server (SLES) v11 for System z STIG – Ver 1, Rel 11
zOS ACF2 STIG – Ver 6, Rel 33
zOS RACF STIG – Ver 6, Rel 33
zOS TSS STIG – Ver 6, Rel 33

FOUO Network STIGs: http://iase.disa.mil/stigs/net_perimeter/Pages/index.aspx
NOTE: DoD PKI Certificate Required
JIE Core Data Center (CDC) STIG – Ver 2, Rel 3
JIE Installation Processing Node (IPN) STIG – Ver 2, Rel 3

Benchmarks: http://iase.disa.mil/stigs/scap/Pages/index.aspx
Google Chrome for Windows STIG Benchmark Ver 1, Rel 5
HP-UX 11.31 STIG Benchmark – Ver 1, Rel 15
Microsoft Excel 2016 STIG Benchmark – Ver 1, Rel 2 (SCC tool use only)
Microsoft Outlook 2013 STIG Benchmark – Ver 1, Rel 6 (SCC tool use only)
Microsoft Outlook 2016 STIG Benchmark – Ver 1, Rel 3 (SCC tool use only)
Microsoft Windows 2008 DC STIG Benchmark – Ver 6, Rel 40
Microsoft Windows 2008 MS STIG Benchmark – Ver 6, Rel 40
Microsoft Windows 2008 R2 DC STIG Benchmark – Ver 1, Rel 26
Microsoft Windows 2008 R2 MS STIG Benchmark – Ver 1, Rel 27
Microsoft Windows 2012 and 2012 R2 DC STIG Benchmark – Ver 2, Rel 10
Microsoft Windows 2012 and 2012 R2 MS STIG Benchmark – Ver 2, Rel 10
Microsoft Windows 7 STIG Benchmark – Ver 1, Rel 34
Microsoft Windows 8/8.1 STIG Benchmark – Ver 1, Rel 20
Microsoft Windows Server 2016 STIG Benchmark – Ver 1, Rel 3
Red Hat 5 STIG Benchmark – Ver 1, Rel 19
Red Hat 6 STIG Benchmark – Ver 1, Rel 17
Solaris 10 SPARC STIG Benchmark – Ver 1, Rel 19
Solaris 10 x86 STIG Benchmark – Ver 1, Rel 19
Solaris 11 SPARC STIG Benchmark – Ver 1, Rel 8
Solaris 11 x86 STIG Benchmark – Ver 1, Rel 8

No Longer Supported: http://iase.disa.mil/stigs/sunset/Pages/index.aspx
BlackBerry for the OS 7 STIG – Ver 2, Rel 11
Good for Enterprise 8.x STIG – Ver 1, Rel 2
Microsoft Access 2007 STIG – Ver 4, Rel 15
Microsoft Excel 2007 STIG – Ver 4, Rel 13
Microsoft Infopath 2007 STIG – Ver 4, Rel 13
Microsoft Office System 2007 STIG – Ver 4, Rel 16
Microsoft Outlook 2007 STIG – Ver 4, Rel 16
Microsoft PowerPoint 2007 STIG – Ver 4, Rel 16
Microsoft Word 2007 STIG – Ver 4, Rel 15

STIG Update – Windows 10 Support Dates and Information

Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it is no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to upgrade or make other changes to your software. Below are the end-of-support dates for Windows 10 versions:

Windows 10 version 1507 – May 9, 2017

Windows 10 version 1511 – October 10, 2017

Windows 10 version 1607 – Tentatively March 2018

Windows 10 version 1703 – Tentatively September 2018

Windows 10 version 1511 will become unsupported on 10 October 2017, at which time having it installed will become a CAT I severity finding. Organizations must upgrade to at least version 1607 by that time.

Upgrading to the latest released version is recommended.

Refer to this link for additional information: https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet.

STIG Update – Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs) – September 2017

Group Policy Objects (GPOs) have been updated for September 2017. See the Change Log document included in the zip file for additional information. DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden of securing systems within their environment. The GPOs can be found on the IASE website on the Group Policy Objects tab at this link: https://iase.disa.mil/stigs/Pages/index.aspx

List of GPOs currently in the package:

Office Products:
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016

Browsers:
Internet Explorer 11
Google Chrome

Antivirus:
Windows Defender AV

Operating Systems:
Windows 10
Windows 7
Windows 8/8.1
Windows Firewall
Windows Server 2008 R2 DC
Windows Server 2008 R2 MS
Windows Server 2012 R2 DC
Windows Server 2012 R2 MS
Windows Server 2016