1. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED

2. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED 2  Purpose  DAIG Information Assurance Mission  Information Assurance Actions  What does DAIG IA Inspect? Army IA Functional Areas  Information Assurance Take-Aways  Panel Member Introduction  Forum Discussion/Question and Answer Period  Closing IEF Sessions: 1 and 3, USAIGA 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

3. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 3 To provide insights from the Department of the Army Inspector General Information Assurance Team and organizations that have met the standard the last two years 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

4. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 4  IA Establishment: 12 May 2005, the CSA directs The Inspector General (TIG) to establish an Information Assurance (IA) Inspection Division to conduct cyclical IA compliance inspections across the Army (Active, Guard and Reserve).  The purpose of IA Inspections: Measure level of deviation from established Army IA polices, regulations, doctrine, and procedures (compliance) Identify systemic IA problems, determine root causes, develop recommendations, and fix responsibilities for corrective action  Information Assurance Inspections conducted: 74 inspections from FY 08 to 1 Aug 11 (57 Active, 12 ARNG, 3 USAR, 2 MWR) Fiscal Year Annual Army Information Assurance (IA) Reports published (FY 08, 09 and 10 (Trends and Recommendations)) BLUF: DAIG IA Division is the eyes and ears for Army Senior Leaders in evaluating the Army’s IA posture IAW Army CIO/G-6 IA checklist, regulations, and policy 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

5. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 5  Information Assurance key insights : - Establish command/leadership accountability - Establish the need for continuous oversight (Command Channels) - Formalize an acceptable level of risk/compliance for existing IA policies and standards  VCSA action Memorandum to Commanders (28 Nov 10) Subject: Commander and Leader Responsibilities for Information Assurance Capabilities and Standards Enforcement The VCSA memo directed: Army CIO/G-6 & the CDR, ARCYBER to review & improve, where necessary, IA processes/policies CDR, ARCYBER to monitor & assist commanders in the enforcement of IA compliance Senior Installation Commanders are responsible for their organization’s complying with the Army Information Assurance Program Commanders (Brigade equivalent and higher) will assess their organization’s IA program using the Army IA Self-Assessment Tool Every organization will incorporate IA into its organizational inspection program at all levels 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

6. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 6 Army Focus Areas are those that pose a significant risk to the Army LandWarNet (Army IA Functional Areas and Army Focus Areas are established by Army CIO/G-6) Inspection Breakout (FY 08-11) TypeQty AC57 ARNG12 USAR3 MWR2 Total74 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

7. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 7  Accountability: Information Assurance requires Command/Leader accountability and oversight in order to protect and defend operational information  Self Assessment: Conduct an honest self assessment – develop realistic goals and empower subordinates  Standard: Be willing to make hard decisions – enforce the standard otherwise you allow deviations to become the new baseline  Assets: Ensure assets are configured IAW current DISA STIGs (to include manual checks)  PII: Complete your PII assessment (DD Form 2930, Privacy Impact Assessments) and coordinate with your customer organizations  Audits: Conduct full audit scans and review audit logs - Retina/Q-Tip scans – all assets, vulnerabilities (conduct one week prior to inspection)  Document: Document your internal and command wide procedures  Record: Establish a formal record retention program (hard drive and media destruction, wireless scanning/war driving (5yrs / 1yr) 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

8. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 8  Identify: IT Contingency alternate site and document the results from the last contingency plan exercise  Develop: Build the IT Contingency Plan around supporting mission essential services  Ensure: - POA&M for all past due IAVAs are entered into NETCROP or VMS - Waivers are submitted for all deviations from the AGM and/or DISA STIGS - Incident Response Plans are complete and personnel are trained - Webmaster, OPSEC & PAO are trained in OPSEC WEB content vulnerability and web risk assessment training - Marking and labeling of media and peripheral devices are completed - Wireless security - complete scans (war drive, protocol analysis) are done - Register and track all IA Workforce personnel in ATCTS  Verify: SF700, SF701 forms are properly filled out (Safes/offices) A vulnerability allowed by one is a vulnerability assumed by all ! 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

9. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 9  Panel Member Introduction  Forum Discussion/Question and Answer Period 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

10. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 10 DAIG AKO Portal: https://www.us.army.mil/suite/page/475521https://www.us.army.mil/suite/page/475521 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx

11. LANDWARNET 2011AMERICA’S ARMY: THE STRENGTH OF THE NATION UNCLASSIFIED IEF Sessions: 1 and 3, USAIGA 11 DAIG Office Phone Number Commercial (703) 545-4398 DSN: 865-4398 2011-08-23// LWN11_IA_DAIG IA Compliance.pptx