October 29, 2012
Information Security at the United States Department of Defense
The U.S. Department of Defense (DoD) Information Security policy is managed by the Defense Information Systems Agency (DISA). DISA, one of five Combat Support Agencies designated by the Secretary of Defense, administers command and control (C2) functions, information-sharing effectiveness, and global operational information infrastructure projects, while providing support to warfighters, national-level leaders, and coalition partner forces across a wide range of undertakings. DISA’s stated vision is to “provide information superiority in defense of the United States.”
A Security Technical Implementation Guide (STIG) is a systematized approach to the secure installation and maintenance of computer hardware and software. DISA, which designs configuration documents in support of DoD, coined the term under a DoD instruction.
That instruction mandates that “all information assurance (IA) and IA-enabled IT products incorporated into DOD information systems shall be configured in accordance with DOD approved security configuration guidelines”. Under this mandate, following the recommendations delineated in STIG checklists is how DoD environments demonstrate that they address those security requirements.
A desktop computer configuration is an example where STIGs are beneficial. Most operating systems (OS) are not secure in their default configuration, which leaves them open to criminals (e.g., computer hackers and identity thieves). STIGs explain how to minimize network-based attacks and how to prevent system access when an attacker is physically present at the device. STIGs also describe maintenance processes (for example, vulnerability patching and software updates).
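To make the checklist idea concrete, the following is an added example (not code from DISA, from any published STIG, or from this article) of how a STIG-style checklist is evaluated against a host configuration. The rule identifiers are placeholders, the directives are modelled on an OpenSSH sshd_config, the sample configuration is constructed for the example, and the “Open” / “NotAFinding” status names follow the convention used in STIG checklists. A commented-out directive is treated as absent, and an absent directive is reported as a finding because a checklist requires the secure value to be set explicitly rather than trusting the daemon default.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Rule:
    rule_id: str                    # placeholder id, not a real STIG or vulnerability id
    directive: str                  # configuration directive to inspect
    check: Callable[[str], bool]    # returns True when the observed value is compliant
    fix_text: str                   # remediation shown for an "Open" finding
    severity: str                   # CAT I / II / III style severity label


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'Directive value' lines into a dict keyed by lower-cased directive.

    Blank lines and '#' comments are ignored, so a commented-out directive counts
    as absent (the daemon default would apply). If a directive repeats, the last
    occurrence wins."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        directive, value = parts
        settings[directive.lower()] = value.strip().lower()
    return settings


def evaluate(rules: List[Rule], settings: Dict[str, str]) -> List[dict]:
    """Return one finding per rule with a checklist-style status."""
    findings = []
    for rule in rules:
        actual = settings.get(rule.directive.lower())
        if actual is None:
            status, reason = "Open", "directive not set; daemon default in effect"
        elif rule.check(actual):
            status, reason = "NotAFinding", "value compliant"
        else:
            status, reason = "Open", f"value '{actual}' not permitted"
        findings.append({
            "rule_id": rule.rule_id, "directive": rule.directive,
            "severity": rule.severity, "status": status,
            "actual": actual, "reason": reason,
            "fix": rule.fix_text if status == "Open" else "",
        })
    return findings


# Hypothetical checklist: the ids are placeholders, the directives are sshd_config names.
SAMPLE_RULES = [
    Rule("EXAMPLE-SSH-001", "PermitRootLogin", lambda v: v == "no",
         "Set 'PermitRootLogin no' and restart sshd", "CAT II"),
    Rule("EXAMPLE-SSH-002", "PasswordAuthentication", lambda v: v == "no",
         "Set 'PasswordAuthentication no' and use key-based logins", "CAT II"),
    Rule("EXAMPLE-SSH-003", "X11Forwarding", lambda v: v == "no",
         "Set 'X11Forwarding no'", "CAT III"),
    Rule("EXAMPLE-SSH-004", "ClientAliveInterval",
         lambda v: v.isdigit() and 0 < int(v) <= 600,
         "Set 'ClientAliveInterval' to a value between 1 and 600", "CAT II"),
]

# Constructed sshd_config fragment for this example; not taken from any real host.
SAMPLE_CONFIG = """\
Protocol 2
#PermitRootLogin no        <- commented out, so it does not count as set
PasswordAuthentication yes
X11Forwarding no
ClientAliveInterval 600
"""


def audit(config_text: str = SAMPLE_CONFIG, rules: List[Rule] = SAMPLE_RULES) -> Dict[str, str]:
    """Convenience wrapper: map each rule id to its status for the given config."""
    return {f["rule_id"]: f["status"] for f in evaluate(rules, parse_config(config_text))}


if __name__ == "__main__":
    for f in evaluate(SAMPLE_RULES, parse_config(SAMPLE_CONFIG)):
        print(f"{f['rule_id']:<16} {f['severity']:<8} {f['status']:<12} {f['reason']}")
        if f["fix"]:
            print(f"    fix: {f['fix']}")
```

Run against the constructed fragment, the two first rules come back Open (one because the directive is only present as a comment, one because the value is wrong) and the remaining two come back NotAFinding; feeding the same rules a different file or a different rule list is the whole change needed to audit another host or another checklist.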
Developed STIGs might cover the design of a corporate network, covering configurations of routers, firewalls, domain