Don’t be caught flat-footed on Inspection Day. Scheduled and No-Notice Phase IV Command Cyber Readiness Inspections (CCRI) are here. Along with it, several new requirements that are now included into the grade. These enhancements are meant to help strengthen the Department of Defense Information Network (DoDIN) and combat the ever changing emerging threat landscape. These new requirements not only increase the burden of accountability for vulnerabilities found within inspected enclaves, but also include a quantitative risk assessment for improved decision making and situational awareness.
Now in 2017 and with ongoing Phase IV enhancements, there are again grading weight adjustments, new TASKORDs and OPORDs, and additional technologies that have been included into inspection. These enhancements are meant to place greater emphasis on Internet facing technologies as well as to better detect, deter, defend, against the Insider Threat.
Whether you’ve been through a few CCRI’s or are about to be inspected for the first time, the process of preparing is intense and full of complex security nuances, that if not properly implemented, have the potential to significantly reduce a CCRI grade or even worse, lead to a CCRI failure. It only takes a misconfigured Vulnerability Scanner, a missing Endpoint Security Product or a a few errors in a ACL to make or break a respectable CCRI grade.
This is where a SecureStrux Staff Assist Visit (SAV) fits into your overall inspection preparation. Because our Consultant’s have been actively involved in the evolution and maturing of the CCRI program since its 2009 inception, we know how to best consult and advise Commanders, Facility Security Officers (FSO), Information System Security Managers (ISSM), Security Analysts, and System Engineers on how to efficiently prepare and successfully pass their CCRI’s.
Our seasoned CCRI consultants are DISA Cyber Readiness Reviewer qualified, IA 8570.01-M certified, and have over 50 years of accumulated experience in conducting CCRIs and reviewing CCRI technologies and processes. SecureStrux has cleared personnel that are able to travel both CONUS and OCONUS. All together we have completed hundreds of CCRI reviews both within the US and around the world. We have valuable insights into what it takes to bring both small and command-level, enterprise networks into passing compliance. Our certified Team Leads and Reviewers understand the CCRI process, the grading methodology, the applicable STIGs, and the intent of the CTO’s, CND Directives, individual FRAGOs, and the tools used during the inspection. We have proven success in advising, focusing, and assisting sites to become not only CCRI inspection ready, but secure and sustainably compliant.
We welcome the opportunity in becoming your trusted CCRI 365 Ready Partner in preparing for your inspection as well as dealing with its results and After Action Plan (AAP). We will help train your personnel, prepare your environment, and develop a customized “Path to CCRI Success”. If you are preparing and need assistance with an upcoming CCRI, contact us now and find out how you can benefit from our CCRI experience and SAV services. With SecureStrux you can be confident that you are CCRI 365 Ready.
Detect | Deter | Defend | Sustain
SecureStrux CCRI 365 Ready Processes & Technologies Services
- Phase IV Grading | CND Directives Guidance
- Vulnerability Management | CCRI Tool Configuration
- Program Managed (PM) System Evaluations
- McAfee ePO Engineering | Endpoint Deployment
- ACAS Security Center | Nessus Engineering
- Network Perimeter | Infrastructure Hardening
- Wireless Discovery
- Wireless Controller | Endpoint Assessments
- Blackberry | Mobility Configuration Services
- Active Directory | Exchange Compliance
- UNIX | RHEL Security Compliance
- Domain Naming System (DNS) Security Services
- Database | Web Security Compliance
- Cross-Domain Solutions (CDS) Consulting
- REL Implementations | Architecture Reviews
- MS Workstation Hardening (New Requirement)