Cybersecurity

This Community will be sunsetting soon, but please check out this location for information on Cybersecurity Training at DAU 

Community Contacts

Tim Denman - Community Leader
Stephanie Thomaston - Community Leader

Feed / Cybersecurity

Resource / Cybersecurity
Tools & Training

Tools and Training 

Our mission is to provide proactive, adaptive and relevant cybersecurity training and consulting for the DoD acquisition workforce. Below are some of our offerings. If you are looking for more specialized offerings, feel free to contact us at [email protected]

CREATED: September 1, 2023
LAST MODIFIED: September 18, 2023

Resource / Cybersecurity
Trending

​Charts from Day of Cyber, 20 Feb 2019

1. DoD T&E Guidelines

3. Mission Based Cyber Risk Assessments

4. PM ITTS Cyber Brief

5. Day of Cyber DevSecOps

CREATED: September 1, 2023
LAST MODIFIED: September 18, 2023

Resource / Cybersecurity
Policies and Guidance

Reference Library

Following are links to Cybersecurity policies:

Other Cybersecurity guidance:

Additional Cybersecurity resources:

CREATED: September 1, 2023
LAST MODIFIED: September 1, 2023

Resource / Cybersecurity
Training and Continuous Learning

DAU provides a number of current learning opportunities and is continuously updating its cybersecurity acquisition training across all functional areas of the Defense Acquisition Workforce.

Workshops: 

Cyber Table Top WSS 007

The workshop introduces and applies the Cyber Table Top (CTT) mission-based cyber risk assessment (MBCRA) method to help discover cyber vulnerabilities, gauge their risk, propose mitigations and inform other competencies, documents and events across the DoD acquisition lifecycle. The workshop will establish an understanding of the threat and “thinking like a Hacker”; provide a “wheel of access” methodology to identify and diagram surface-attack characteristics; include cross-competency personnel, including users, to identify and prioritize cyber-attacks / vulnerabilities in a Red / Blue / White Team “wargame” mission scenario; and provide a construct to characterize and report risk and mitigations in order to design and maintain cyber resilient systems and personnel in the acquisition and operational phases of an Information or Platform weapons system.

The course provides hands-on laboratory exploration of adversarial cyber threats to DOD networks and weapon systems. No previous experience in cybersecurity is necessary. Students will learn and execute (in the lab environment) basic offensive cyber techniques, develop system requirements to defeat the threats, implement countermeasures and assess countermeasures effectiveness. Two days are spent on enterprise network attacks and security countermeasures and one day is spent working with an unmanned aerial system simulator which is representative of currently fielded DOD unmanned weapon systems. The inclusion of offensive techniques training for DoD weapon systems differentiates this workshop from similar training provided in the commercial sector.

CREATED: September 1, 2023
LAST MODIFIED: September 1, 2023

Discussions / Cybersecurity

Cyber Resilient Weapon System Body of Knowledge (CRWS-BoK) V3.0 released!
0 Replies

I'm reaching out on behalf of the OUSD(R&E) CRWS-BoK team to inform you that version 3.0 of the CRWS-BoK portal (www.crws-bok.org) has been released! Please see the official press release for more info: https://www.cto.mil/news/crws_bok_v3.

Technology Area Protection Plans in DoDI 5000.83
0 Replies

Discussion on current policy on Technology Area Protection Plans and Science and Technology (S&T) Protection Plans (STPP). Discussion includes new S&T protection updates to the DAU ACQ 160 course.

DAU Event - Acquisition Topics: Technology Area Protection Plans


Announcements / Cybersecurity

Community Announcement / Cybersecurity
The Cloud Computing (CC) Security Requirements Guide (SRG) updated Version 1 Rev. 4

The Cloud Computing (CC) Security Requirements Guide (SRG) outlines the security model by which DoD will leverage cloud computing, along with the security controls and requirements necessary for using cloud-based solutions.

The CC SRG applies to DoD-provided cloud services and those provided by a contractor on behalf of the department, i.e., a commercial cloud service provider or integrator.

Here is where you can see the updates. 

Community Announcement / Cybersecurity
First Cyber Training Range Session for 2022

​First Cyber training range for 2022.

Register by Tue, Jan 4, 2022, 8:00 AM

WSS 010 Cyber Training Range Session

Location: Virtual - Eastern Standard Time EST

Start Time: 1/11/2022 8:00 AM

End Time: 1/13/2022 5:00 PM

Description: The course provides hands-on laboratory exploration of adversarial cyber threats to DOD networks and weapon systems. No previous experience in cybersecurity is necessary. Students will learn and execute (in the lab environment) basic offensive cyber techniques, develop system requirements to defeat the threats, implement countermeasures and assess countermeasures effectiveness. Two days are spent on enterprise network attacks and security countermeasures and one day is spent working with an unmanned aerial system simulator which is representative of currently fielded DOD unmanned weapon systems. The inclusion of offensive techniques training for DoD weapon systems differentiates this workshop from similar training provided in the commercial sector.

Event Type: Training

Event Materials: WSS 010 Cyber Training Range Session Registration

Community Announcement / Cybersecurity
Guidance on Federal Information Security and Privacy Management Requirements

On December 6th the White House published M-22-05, Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements.

One of the tenets guiding the reform of performance management under FISMA is moving to a zero trust architecture. The zero trust security goals are expected by the end of Fiscal Year (FY) 2024. These goals have 5 pillars: Identity, Devices, Networks, Application & Workload, and Data.

Other tenets listed to guide the reform of performance management under FISMA are: ground truth testing, observable security outcomes, and automation.

Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements (whitehouse.gov)

Community Announcement / Cybersecurity
CMMC 2.0

8 CFR Chapter 2. Cybersecurity Maturity Model Certification (CMMC) 2.0 Updates and Way Forward. 

Chris Newborn - Cybersecurity Enterprise Team (CET) CISSP, GSTRT, GISP, GSLC Professor, Cybersecurity Defense 

Approximately three weeks ago, DoD announced a major change to the Cybersecurity Maturity Model Certification (CMMC) program.

 

As a result of receiving more than 850 public comments in response to the interim DFARS rule, DoD initiated an internal review of CMMC in March 2021. This review resulted in "CMMC 2.0," which updates the program structure and the requirements to streamline and improve implementation of the CMMC program.

 

Per the Federal Registry Notice dated 17 Nov 2021 (enclosed), the changes reflected in the CMMC 2.0 framework will be implemented through the rulemaking process. DoD will pursue rulemaking in both: (1) Title 32 of the Code of Federal Regulations (CFR); and, (2) title 48 CFR, to establish CMMC 2.0 program requirements and implement any needed changes to the CMMC program content in 48 CFR.

 

"... Until the CMMC 2.0 changes become effective through both the title 32 CFR and title 48 CFR rulemaking processes, the Department will suspend the CMMC Piloting efforts, and will not approve inclusion of a CMMC requirement in DoD solicitations. The CMMC 2.0 program requirements will not be mandatory until the title 32 CFR rulemaking is complete, and the CMMC program requirements have been implemented as needed into acquisition regulation through title 48 rulemaking ..."

 

As a reminder, contracting officers are required to follow the Interim Rule; Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041), that amends DFARS subpart 204.73, Safeguarding Covered Defense Information and Cyber Incident Reporting, and implements the NIST SP 800-171 DoD Assessment Methodology.

 

The coverage in the subpart directs contracting officers to verify in Supplier Performance Risk System (SPRS) that an offeror has a current NIST SP 800-171 DoD Assessment on record, prior to contract award, if the offeror is required to implement NIST SP 800-171 pursuant to DFARS clause 252.204-7012. The contracting officer is also directed to include a new DFARS provision 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements, and a new DFARS clause 252.204-7020, NIST SP 800-171 DoD Assessment Requirements, in solicitations and contracts including solicitations using FAR part 12 procedures for the acquisition of commercial items, except for solicitations solely for the acquisition of COTS items.

Please contact Chris Newborn if you have any questions.

[email protected]

Community Announcement / Cybersecurity
NSA and CISA provide cybersecurity guidance for 5G cloud infrastructures

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published cybersecurity guidance to securely build and configure cloud infrastructures in support of 5G.

For more information, see: NSA and CISA provide cybersecurity guidance for 5G cloud infrastructures Press Release

Community Announcement / Cybersecurity
Great Power Competition: China Awareness

During this time we see China's effort to become the leading global power. In order to protect security, Americans need to guarantee an advantage. It is imperative to concentrate on this effort and to focus on China as it grows into our number one cyber threat to national security.

For more information take a look at this article: Great Power Competition

Community Announcement / Cybersecurity
DAU News: DAU Cyber Enterprise Team Provides New Training Options

Here is an article written by Matt Sablan, DAU Public Affairs, highlighting the DAU Cyber Enterprise Team and its training offerings.

Community Announcement / Cybersecurity
Building a Community for Zero Trust Adoption: The Journey to Cybersecurity Excellence
Introduction:
In the world of cybersecurity, zero trust has emerged as a critical discipline. Just as martial arts require discipline and training, zero trust demands a similar approach. Tim Denman, the lead director for the cybersecurity enterprise team at Defense Acquisition University, is at the forefront of this discipline, often referred to as the "ninja" of zero trust. Denman's efforts to create a training program and foster a community for zero trust adoption within the Department of Defense (DoD) have been instrumental. In a recent symposium, Denman shared his vision, emphasizing the importance of training, cultural change, and collaboration. Let's delve into the highlights of his insightful presentation.
The Power of Community:
Denman's success in creating a training program and building connections within the zero-trust community has greatly benefited the DoD. Through his diligent efforts, Denman has connected like-minded professionals, experts, and thought leaders to form a consortium of ideas. This collaborative network is facilitating the adoption and acceleration of zero trust across the DoD by the end of fiscal year 2027. Furthermore, this community aims to support other organizations in their journey towards implementing zero trust.
Addressing Culture:
During his presentation, Denman stressed the significance of addressing organizational culture alongside strategy. Citing the famous quote by Laszlo Bock, "Culture eats strategy for breakfast," Denman emphasized that no matter how well-crafted a strategy may be, without addressing cultural aspects, its effectiveness is compromised. Training and awareness play a pivotal role in shaping culture. Denman outlined a comprehensive plan consisting of three levels of training: basic awareness, deep technical training, and a practitioner workshop. This approach ensures a well-rounded and holistic understanding of zero trust principles within the DoD.
Training Program Highlights:
Denman provided an overview of the training program being developed for zero trust adoption. The basic awareness level, already underway, aims to provide foundational knowledge to a large number of DoD personnel. An executive-level course on Joint Knowledge Online serves as a valuable resource for senior leaders. Moving into deeper technical training, online webinars and additional courses are being developed to enhance expertise and practical skills. The practitioner workshop, led by Paul Shaw, focuses on hands-on application of zero trust principles and has yielded positive results during several pilot runs. Moreover, Denman revealed an exciting addition to the training program—a chief engineer's workshop that simulates successful zero trust implementation. These workshops aim to equip engineers and architects with the essential concepts of zero trust and enable the creation of prototype segmentation.
The Journey Continues:
Denman concluded his presentation by expressing his gratitude to the symposium attendees and highlighting the intention to make this event an annual occurrence. He emphasized that zero trust adoption is an ongoing journey rather than a final destination. Regular touchpoints and continuous refinement of ideas are crucial for success. Denman also emphasized that while resources are important, having the right people in the right place at the right time and a strong will to overcome challenges are equally essential for cultural change and zero trust adoption.
Conclusion:
Tim Denman's instrumental role in creating a community for zero trust adoption within the DoD is commendable. By emphasizing training, fostering cultural change, and facilitating collaboration, Denman has set the stage for the successful implementation of zero trust principles across the DoD. The comprehensive training program, consisting of multiple levels and hands-on workshops, demonstrates the commitment to equipping personnel with the necessary knowledge and skills. As organizations embark on their own zero trust journeys, Denman's approach serves as an inspiration to leverage collective expertise, overcome challenges, and continuously refine strategies to achieve cybersecurity excellence.

Resources / Cybersecurity

Community Resource / Cybersecurity
Testimonials

Testimonials 

Our mission is to provide proactive, adaptive and relevant cybersecurity training and consulting for the DoD acquisition workforce. Below are testimonials of our offerings. If you are looking for more specialized offerings feel free to contact us at [email protected]. 

CREATED: September 1, 2023, BY: Content Author No Reply
LAST MODIFIED: September 1, 2023, BY: Content Author No Reply

Community Resource / Cybersecurity
Calendar
Community Resource / Cybersecurity
CyberRSSFeeds


What's Trending

Welcome to the DAU Cybersecurity News Center. 

CREATED: September 1, 2023, BY: Content Author No Reply
LAST MODIFIED: September 1, 2023, BY: Content Author No Reply

Community Resource / Cybersecurity
Cybersecurity Community Homepage