Cyberspace Defense (CD) Course M01_L03 links ReferenceOnlyObject referenceObj Testing This Reference Object ReadOnlyText pageLocation Page x of y skipTopNavBtn SKIP TO CONTENT SKIP TO CONTENT SkipTopNavButtonClicked skipBtmNavBtn SKIP NAVIGATION SKIP NAVIGATION SkipBtmNavButtonClicked helpBtn Help Help. Select this button to open the help panel. HelpButtonClicked exitBtn Exit Exit. Select this button to exit the course. ExitButtonClicked courseMapBtn Course Map Course map. Select this button to access the course map. CourseMapButtonClicked glossaryBtn Glossary Glossary. Select this button open the glossary. GlossaryButtonClicked resourcesBtn Resources Resources. Select this button to access the resources for the course. ResourcesButtonClicked hideCCBtn Hide Captions Hide Captions. Select this button to hide the caption text. HideCCButtonClicked showCCBtn Show Captions Show Captions. Select this button to show the caption text. ShowCCButtonClicked turnAudioDescriptionsOffBtn Turn Audio Descriptions Off Turn Audio Descriptions Off. Select this button to turn off audio descriptions. AudioDescriptionsOffButtonClicked turnAudioDescriptionsOnBtn Turn Audio Descriptions On Turn Audio Descriptions On. Select this button to turn on audio descriptions. AudioDescriptionsOnButtonClicked skipReverseBtn Skip Backward Skip Backward. Select this button to skip a few frames back. SkipReverseButtonClicked skipForwardBtn Skip Forward Skip Forward. Select this button to skip a few frames ahead. SkipForwardButtonClicked replayBtn Replay Replay. Select this button to replay the current screen. ReplayButtonClicked transcriptBtn Transcript Transcript. Select this button for a transcript of the current page. ShowTextButtonClicked pauseBtn Pause Pause. Select this button to pause the course. PauseButtonClicked resumeBtn Resume Resume. Select this button to resume the course. ResumeButtonClicked previousPgBtn Back Back. Select this button to go to the previous screen. PreviousButtonClicked nextPgBtn Next Next. Select this button to go to the next screen. NextButtonClicked disacndv203_01 1 Welcome to the Cybersecurity Service Providers lesson. When you have completed this lesson, you will be able to identify the key requirements for cybersecurity services that Department of Defense, or DoD, Components must meet to protect the DoD Information Networks, or DoDIN, and what Cybersecurity Service Providers, or CSPs, are. You will also be able to identify which organizations provide cybersecurity services to the DoD; to each DoD Component; and to the local control centers within each DoD Component. Finally, you will be able to identify which requirements CSPs must meet to provide cybersecurity services to DoD Components. There are four topics in this lesson. After you have completed the Introduction, you will learn about the requirements that DoD Components must meet to ensure that their information systems are protected and defended and who is qualified to provide cybersecurity services to DoD Components. Finally, you will learn about the hierarchy of cybersecurity services and providers, as well as the specific requirements providers must meet to be a CSP. disacndv203_02 2 CSP, Cybersecurity Service Provider To protect and defend DoD information systems and networks, each DoD combatant command, Service, agency, and field activity must meet certain requirements regarding cybersecurity. All systems that collect, generate process, store, display, transmit or receive DoD information must be aligned to a certified cybersecurity service provider. Cybersecurity services for DoD Components must be performed by a certified CSP. It is the DoD Component's responsibility to ensure that all of its information systems and networks are protected with the required cybersecurity services. The DoD Component must also ensure that their CSPs are certified to perform those services. disacndv203_03 3 ISSM, Information Systems Security Manager is the individual responsible for the information assurance program, organization, system or enclave. ISSM was formerly referred to as the IAM (Information Assurance Manager). CNSS Instruction No. 4009 CSPs are those organizations that provide cybersecurity services which protect, monitor, analyze, detect, and respond to unauthorized activity, as well as those that sustain those services. Not all organizations that offer information technology, or IT, or cybersecurity type services can be considered cybersecurity service providers. For an organization to be a DoD CSP, the organization must successfully complete the DoD cybersecurity certification and accreditation process for CSPs. Cybersecurity Service Providers can be a DoD or Federal organization. If the CSP is a DoD organization, it can be internal to the DoD Component as long as the internal organization is certified and accredited. Some CSPs focus on various cybersecurity services, but not all CSPs perform all cybersecurity services. Since all information systems must be assigned a CSP, DoD Components may need to have relationships with more than one service provider to ensure that all information systems have a CSP for all required cybersecurity services. Although a CSP can be internal to the DoD Component, and internal cybersecurity professionals might be performing tasks related to cyberspace defense as part of their cybersecurity duties, those internal DoD cybersecurity professionals who are not part of a certified CSP organization may not be authorized to perform the functions required of CSPs. For example Information Systems Security Manager, or ISSM, for a system who is not part of a CSP organization is not considered authorized to perform any cyberspace defense functions. Currently, there are 23 certified and accredited DoD CSPs and 2 Federal CSPs equivalents. disacndv203_04 4 Knowledge Check 1 500 425 Select True or False for each statement; then select Submit. DoD CSPs must be certified and accredited to perform cybersecurity services. True False Correct. DoD CSPs must be certified and accredited to perform cybersecurity services. Incorrect. DoD CSPs must be certified and accredited to perform cybersecurity services. Internal DoD cybersecurity professionals who are not part of a certified CSP organization are authorized to perform the functions required of CSPs. True False Correct. Internal DoD cybersecurity professionals who are not part of a certified CSP organization are not qualified or authorized to perform the functions required of CSPs. Incorrect. Internal DoD cybersecurity professionals who are not part of a certified CSP organization are not qualified or authorized to perform the functions required of CSPs. CSPs for the DoD must be a DoD organization. True False Correct. CSPs for the DoD can be DoD or Federal organization. Incorrect. CSPs for the DoD can be DoD or Federal organization. DoD Components must have all cybersecurity services provided by CSPs. True False Correct. DoD Components must have all cybersecurity services provided by CSPs. Incorrect. DoD Components must have all cybersecurity services provided by CSPs. Now check your knowledge. disacndv203_05 5 disacndv203_05_01 5 GENSER NIPRNET, Nonsecure Internet Protocol Router Network SIPRNET, SECRET Internet Protocol Router Network A GENSER DoD information system is one not specifically designated as a special enclave that has additional security requirements. Information systems that are part of the NIPRNET or SIPRNET are considered GENSER. disacndv203_05_02 5 Special Enclave SAPs, Special Access Programs NSANet, National Security Agency Network JWICS, Joint Worldwide Intelligence Communications System A special enclave DoD information system is one that has special security requirements which are more stringent than the requirements for GENSER systems. For example, the systems used for special access programs, or SAPs, or connected to National Security Agency Network, or NSANet, or the Joint Worldwide Intelligence Communications System, or JWICS, are Special Enclave. Cybersecurity services are provided to the DoD at three levels, or tiers. The first tier of service consists of the cybersecurity services, operations, and policies that affect all DoD information systems and provide guidance to the other two tiers of service. The second tier consists of the services, operations, and policies that are provided to each DoD combatant command, Service, agency, or field activity. The second tier also provides guidance to the third tier. The third tier consists of services and operations at the local control centers of each DoD Component, typically located at each base, post, camp, or station. These three tiers of services make up a hierarchy of cybersecurity services and the organizations that provide those services. For the purposes of cyberspace defense, all information systems are classified as one of two system types: either General Services, or GENSER, or Special Enclave. On the following screens, you will learn about the different CSP responsibilities, including the responsibilities related to each system type. Select GENSER and Special Enclave to learn about each type of information system. disacndv203_06 6 disacndv203_06_02 6 National Security Incident Response Center (NSIRC) The Tier 1 incident response center for the general DoD community is the National Security Incident Response Center. The incident response centers are focused on cyberspace attack sensing and warning, or AS&W, activities. The specific responsibilities of the incident response centers include: providing the overall focus and coordination of attack sensing and warning activities; providing specialized AS&W analysis to detect Defense-wide and long-term trends and patterns that may indicate an attack; providing direct AS&W support to USSTRATCOM; and providing AS&W support as required to the DoD Component-level cybersecurity service providers. disacndv203_06_01 6 USSTRATCOM General Services CSP/AA USCYBERCOM USSTRATCOM has the lead responsibility for conducting Defense-wide and multi-component cyberspace defense operations. USSTRATCOM has tasked USCYBERCOM with implementing those specific responsibilities. USSTRATCOM delegated responsibilities include acting as the Accreditation Authority, or AA, for GENSER CSPs and directing cyberspace defense activities across the DoD. USCYBERCOM is tasked with establishing the DoD procedures for disseminating cyberspace defense-related advisories, alerts, and warnings; monitoring compliance with information assurance vulnerability notifications; assisting DISA in developing and refining the certification and accreditation process for cybersecurity service providers; coordinating with the directors of the DIA and the National Security Agency, or NSA, to maintain awareness of and prevent conflicts between external assessments and operations associated with DoD information systems and networks; developing and requesting changes to the Standing Rules of Engagement for cyberspace defense; and using combatant command and tactical control of forces to execute operations to protect and defend DoD cyberspace or other national security interests from intentional, unauthorized cyberspace intrusions or attacks. disacndv203_06_04 6 Director National Intelligence (DNI) Special Enclave CSP/AA The DNI has the lead responsibility for intelligence community information systems and networks. The DNI's specific cyberspace defense responsibilities include: providing operational direction to the DIA regarding cyberspace defense for intelligence community information systems and networks; acting as the Accreditation Authority, or AA, for Special Enclave CSPs; and coordinating with USSTRATCOM, USCYBERCOM, and the incident response center for the intelligence community. disacndv203_06_07 6 Intelligence Community Incident Response Center (ICIRC) The Tier 1 incident response center for the intelligence community is the Intelligence Community Incident Response Center. The incident response centers are focused on cyberspace attack sensing and warning, or AS&W, activities. The specific responsibilities of the incident response centers include: providing the overall focus and coordination of attack sensing and warning activities; providing specialized AS&W analysis to detect Defense-wide and long-term trends and patterns that may indicate an attack; providing direct AS&W support to USSTRATCOM; and providing AS&W support as required to the DoD Component-level cybersecurity service providers. disacndv203_06_03 6 DCIO Law Enforcement & Counterintelligence Center The DCIO Law Enforcement and Counterintelligence Center coordinates and facilitates law enforcement and counterintelligence investigations and operations among DoD Components. The law enforcement and counterintelligence center's specific responsibilities include: coordinating, facilitating, and removing conflicts from law enforcement and counterintelligence cyberspace defense investigations and operations among the DoD Components; implementing operational direction for law enforcement from the Defense Criminal Investigative Office and responding to the information requirements from USSTRATCOM and the Component-level CSPs; serving as primary interface with the National Infrastructure Protection Center, or NIPC; providing analytical services to support cyberspace defense investigations and operations; coordinating information sharing on law enforcement and counterintelligence issues; and supporting cyberspace defense planning and policy development. disacndv203_06_05 6 General Services CSP/CA (DISA) AA, Accreditation Authority CA, Certifying Authority DISA, Defense Information Systems Agency As the GENSER certifying authority, DISA ensures that the CSPs are qualified to adequately protect and defend DoD information systems and networks. The responsibilities of the certifying authorities, or CAs, include: working together to develop and refine the certification process for CSPs; acting as the certifying authorities for the types of systems under their purview; and providing certifier recommendations to their respective Accreditation Authorities to accredit CSPs. In addition, DISA is tasked with functioning as the systems integrator for Defense-wide cyberspace defense related systems and managing the Information Assurance Vulnerability Management, or IAVM, Program. disacndv203_06_06 6 Special Enclave CSP/CA (DIA) AA, Accreditation Authority CA, Certifying Authority PM, Program Manager DIA, Director Intelligence Agency As the certifying authority for special enclave systems, the DIA ensures that the CSPs are qualified to adequately protect and defend DoD information systems and networks. The responsibilities of the certifying authorities, or CAs, include: working together to develop and refine the certification process for CSPs; acting as the certifying authorities for the types of systems under their purview; and providing certifier recommendations to their respective Accreditation Authorities to accredit CSPs. The DIA is tasked with functioning as the Program Manager, or PM, for Defense- wide cyberspace defense research and technology, or R&T; establishing and maintaining a network and procedures for the reporting of cybersecurity external assessment activities; and providing specialized attack sensing and warning, or AS&W, support to USSTRATCOM and the DoD Components. The Tier 1 CSPs consist of the two CSP Accreditation Authorities: USSTRATCOM, who serves as the GENSER CSP Accreditation Authority, and USSTRATCOM's sub-command, USCYBERCOM; and the Director of National Intelligence, or DNI, who serves as the Special Enclave CSP Accreditation Authority. Tier 1 also includes two incident response centers, one for general national security and one for the intelligence community special enclaves, or SE; as well as the joint Defense Criminal Investigative Office, or DCIO, Law Enforcement and Counterintelligence, or LE/CI, Center. Finally, tier 1 includes two CSP certification authorities, or CAs: the Defense Information Systems Agency, or DISA, who serves as the GENSER CSP certification authority; and the Defense Intelligence Agency, or DIA who is the CSP certification authority for special enclaves. Select each Tier 1 service provider to learn more about its cybersecurity services and responsibilities. disacndv203_07 7 Tier 2 service providers are regional computer emergency response teams, or RCERTs, and those organizations that are formally certified and accredited to provide required cybersecurity services to Combatant Commands, Services, agencies, and field activities. disacndv203_08 8 Tier 3 local control centers are those entities that subscribe to and take direction from CSPs and implement the policies of Tier 2 providers within each DoD Component. disacndv203_09 9 disacndv203_09_01 9 CSP Organization - Certified and Accredited The CSPs that provide services to DoD Components must be certified and accredited specifically for the cyberspace defense types of systems they defend. A CSP can only provide services to the types of information systems for which they are certified. For example, CSPs that are certified and accredited for GENSER systems may only provide cybersecurity services to GENSER systems. They may not provide cybersecurity services for Special Enclave systems. CSPs can be certified and accredited as both GENSER and Special Enclave providers. Although the certification and accreditation process is the same for both types of systems, each certification and accreditation must occur separately and has a different certifying authority and accreditation authority. DISA and USSTRATCOM are responsible for GENSER certification and accreditation, and DIA and DNI are responsible for Special Enclave certification and accreditation. The CSP certification and accreditation, or C&A, process is a rigorous four- phased process which must recur, at a minimum, every three years. During the process, the CSP is evaluated against specific metrics. They either pass or fail each metric, and their performance results in a score that determines whether they are accredited, and the level to which they are accredited. Accreditation level 1 is the minimum acceptable performance, accreditation level 2 indicates commendable performance, and accreditation level 3 recognizes exemplary performance. disacndv203_09_02 9 IAVM, Information Assurance Vulnerability Management AS&W, Attack Sensing and Warning IAT, Information Assurance Technical IAM, Information Assurance Management CSP Personnel - Trained and Certified To perform cybersecurity services for DoD information systems and networks, CSP personnel must specifically be trained and certified to perform the required cybersecurity services. When DoD Components enter a relationship with a certified CSP organization, their expectation is that the personnel working for that organization are adequately trained and certified to protect their DoD information systems. DoD 8570.01-M, Information Assurance Workforce Improvement Program, requires DoD cybersecurity professionals to be trained and certified in their cybersecurity category and cybersecurity service provider professionals to be trained and certified in their cybersecurity category and specialty. A CSP must meet certain requirements. Those providers that do not meet these requirements are not acceptable as DoD CSPs. The CSP organization must be certified and accredited, and the CSP personnel that perform cybersecurity services for DoD must be specifically trained and certified to adequately perform their cyberspace defense responsibilities. Select each requirement to learn more about it. disacndv203_10 10 Knowledge Check 1 500 425 Select the best response; then select Submit. Component-wide cyberspace defense falls under which tier of the CSP hierarchy? A. Tier 1 B. Tier 2 C. Tier 3 Correct. Component-wide cyberspace defense falls under Tier 2 of the CSP hierarchy. Incorrect. Component-wide cyberspace defense falls under Tier 2 of the CSP hierarchy. Defense-wide cyberspace defense falls under which tier of the CSP hierarchy? A. Tier 1 B. Tier 2 C. Tier 3 Correct. Defense-wide cyberspace defense falls under Tier 1 of the CSP hierarchy. Incorrect. Defense-wide cyberspace defense falls under Tier 1 of the CSP hierarchy. Component Local Control Center cyberspace defense falls under which tier of the CSP hierarchy? A. Tier 1 B. Tier 2 C. Tier 3 Correct. Component Local Control Center cyberspace defense falls under Tier 3 of the CSP hierarchy. Incorrect. Component Local Control Center cyberspace defense falls under Tier 3 of the CSP hierarchy. Check your knowledge of the CSP hierarchy. disacndv203_11 11 Knowledge Check 1 500 425 Select the best response; then select Submit. A system connected to the NIPRNET is considered to be which type of system? A. GENSER B. Special Enclave Correct. A system connected to the NIPRNET is considered GENSER. Incorrect. A system connected to the NIPRNET is considered GENSER. A system connected to the SIPRNET is considered to be which type of system? A. GENSER B. Special Enclave Correct. A system connected to the SIPRNET is considered GENSER. Incorrect. A system connected to the SIPRNET is considered GENSER. A system for a special access program is considered to be which type of system? A. GENSER B. Special Enclave Correct. Information systems with special security requirements, such as special access programs, are considered Special Enclave. Incorrect. Information systems with special security requirements, such as special access programs, are considered Special Enclave. Now check your knowledge of the two cyberspace defense system types. disacndv203_12 12 Knowledge Check 1 500 425 Select Compliant or Non-compliant for each statement; then select Submit. A Navy organization has a certified and accredited internal CSP. Compliant Non-Compliant Correct. This is compliant. The CSP can be internal to a DoD Component as long as it is certified and accredited as a CSP. Incorrect. This is compliant. The CSP can be internal to a DoD Component as long as it is certified and accredited as a CSP. An Army organization has a certified and accredited CSP that uses cleared contractor personnel under DoD contract. Compliant Non-Compliant Correct. This is compliant. The CSP can be a non-DoD organization as long as it is certified and accredited as a CSP. Incorrect. This is compliant. The CSP can be a non-DoD organization as long as it is certified and accredited as a CSP. A Defense Agency has a certified and accredited non-DoD CIRT as its only CSP. The CIRT does not perform Vulnerability Assessment support. Compliant Non-Compliant Correct. This is non-compliant. Each DoD Component must ensure that all required cybersecurity services are being performed which may require having more than one CSP. Incorrect. This is non-compliant. Each DoD Component must ensure that all required cybersecurity services are being performed which may require having more than one CSP. A Marine Corps organization uses the Navy CIRT, which is a certified and accredited CSP. Compliant Non-Compliant Correct. This is compliant. The CSP can be a DoD Component that is external to another DoD Component as long as it is certified and accredited as a CSP. Incorrect. This is compliant. The CSP can be a DoD Component that is external to another DoD Component as long as it is certified and accredited as a CSP. An Air Force organization has an internal cybersecurity professional, who has attended cyberspace defense training, but who is not part of a certified and accredited CSP organization, performing some cybersecurity services. Compliant Non-Compliant Correct. This is non-compliant. A cybersecurity professional who is not part of a certified and accredited CSP organization may not perform cybersecurity services. Incorrect. This is non-compliant. A cybersecurity professional who is not part of a certified and accredited CSP organization may not perform cybersecurity services. Check your knowledge regarding the DoD cyberspace defense requirements. disacndv203_13 13 Knowledge Check 1 500 425 For each described CSP, indicate whether it would be acceptable to provide services for a DoD Component's GENSER and Special Enclave systems; then select Submit. The CSP was certified four years ago. Acceptable Not Acceptable Correct. This CSP would not be acceptable because CSPs must be reaccredited every 3 years. Incorrect. This CSP would not be acceptable because CSPs must be reaccredited every 3 years. The CSP is certified as a GENSER CSP, with a Level 3 performance accreditation Acceptable Not Acceptable Correct. This CSP is not acceptable because even though it has the highest level of certification for GENSER systems, it would not be able to provide services for your Special Enclave systems. Incorrect. This CSP is not acceptable because even though it has the highest level of certification for GENSER systems, it would not be able to provide services for your Special Enclave systems. The CSP is certified as a GENSER CSP, with a Level 2 performance accreditation, and a Special Enclave CSP, with a Level 1 performance accreditation. Acceptable Not Acceptable Correct. This CSP is acceptable because you have both GENSER and Special Enclave Systems and the CSP is accredited for both types of systems. Incorrect. This CSP is acceptable because you have both GENSER and Special Enclave Systems and the CSP is accredited for both types of systems. The CSP is certified as a GENSER and a Special Enclave CSP, but wants to provide personnel who have not yet been trained in cybersecurity services. Acceptable Not Acceptable Correct. This CSP is not acceptable because its personnel would not be already trained in the cybersecurity services they need to perform for your Component. Incorrect. This CSP is not acceptable because its personnel would not be already trained in the cybersecurity services they need to perform for your Component. Check your knowledge of CSP requirements. disacndv203_14 14 Congratulations! You have completed the Cybersecurity Service Providers lesson. You should now be able to identify the key requirements for cyberspace defense that DoD Components must meet to help protect the DoDIN. You should also be able to identify what CSPs are, and identify the three tiers of service providers that provide cybersecurity services to the DoD. Finally, you should be able to identify the requirements CSPs must meet to be able to provide cybersecurity services to DoD Components.