A site assistance visit here next week by members of the 106th Signal Brigade and 7th Signal Command will help prepare the post for its upcoming Command Cyber Readiness Inspection, slated for March 2020.
The visit — set to begin Monday — will assess the overall adherence of Fort Leonard Wood’s classified and unclassified networks to published standards and guidance.
The CCRI is a rigorous inspection of the networks and traditional security practices designed to validate the effectiveness of the protection mechanisms that safeguard the Department of Defense Information Network from cyber-attacks and to ensure the confidentiality, integrity and availability of defense information data and services, said Deborah Dowling, Network Enterprise Center information system security manager.
“Cyber security requires teamwork, and cyber vigilance in the workplace is everyone’s responsibility,” she added. “Inspectors will assess different areas of the networks and day-to-day employee workplace operations. This inspection will test everyone’s daily routine.”
The CCRI applies to all organizations on the installation, including contractor-operated facilities, and the inspection team will assess the NEC and any installation organization with classified and unclassified network connectivity.
“Teamwork across the installation will be essential to the success of the CCRI,” Dowling said. “Two-way communication between the customer and the NEC will be a key factor to that success.”
To ensure Fort Leonard Wood passes the inspection successfully, every unit and network user has a responsibility for being knowledgeable on proper cyber security, traditional security and physical security practices. Commanders and senior civilian leaders at all levels within their organizations are asked to check and re-check that these standards are being adhered to — down to the individual user — to ensure awareness and compliance with cyber security measures, Dowling said.
Tips for vigilant network use:
— Re-read the Acceptable Use Policy. It contains all the basics on compliance when using government computers.
— Log computers off the NIPRNet system at the end of the day and reboot at the beginning of the next day to ensure security patch compliance.
— Power on and log in to SIPRNet systems at least weekly. Staying connected during the entire period is essential to systems getting the required updates.
— Remove Common Access Cards, SIPR tokens and secure all SIPR drop lockboxes and hard drives prior to leaving computers unattended.
— Do not plug unauthorized electronic devices (e.g., thumb drives, hard drives, portable media players or cell phones) into a government computer without an approved exemption letter.
— Label disc media and use classifications markings, such as a Department of Defense Form 2056 (telephone monitoring notification decal), on computers, monitors and phones in a mixed environment.
— Know how to identify and respond to a network security incident by using the network incident reporting aid located on the NEC Information Assurance SharePoint portal.
— Never bring portable or wireless electronic devices within three meters of a classified system.