DOD CCRI

DOD Command Cyber Readiness Inspection (CCRI)

SysAudits can support DOD organizations who desire a CCRI pre-assessment. USCYBERCOM directed Command Cyber Readiness Inspections. USCYBERCOM sets “Cyber policy” for the entire DoD enterprise. Cyber Policy and Standards are issued from DoD, DoN, DISA (Defense Information Systems Agency), NIST (National Institute of Standards & Technology). To ensure DoD networks are in compliance with directives and guidance, the Cyber Security Inspection (CSI) was created. CCRI assess the DOD organization’s Operational Behavior (OB) defined as “Day to Day Operations” of the network at the User and System Administrator levels. OB is a direct reflection of “command culture” as it relates to Information Assurance and Cyber Security. The following are examples OB:

• Completion and documentation of Annual IA training for All Hands
• Completion of security investigations for CSWF personnel
• Network configuration and control
• Correct permissions granted (control access to Personally Identifiable Information, PII)
• Adequate Internet access controls
• Maintenance of inactive user accounts
• Password policy and protection
• Logs. Reviewed as directed and stored.
• Only authorized web browsing
• Prevention of unauthorized devices from connecting to network (flash media)
• Malware detection and treatment (Incident Response Plan) to deal with threats