M01_L02M01_L02DoD CNDSP ProgramDoD CNDSP Programlinks../M01_L02/assets/coursemap.swfcourseMenuBtnCourse menu. Select this button to access the course menu.MainMenuButtonClickedmoduleMapBtnLesson Map. Select this button to access the lesson map.CourseMapButtonClickedglossaryBtnGlossaryGlossary. Select this button open the glossary.GlossaryButtonClickedresourcesBtnResources. Select this button open the resources.ResourcesButtonClickedexitBtnExit. Select this button to exit the course.ExitButtonClickedreplayBtnReplay. Select this button to replay the current screen.ReplayButtonClickedpauseBtnPause. Select this button to pause the course.PauseButtonClickedresumeBtnResume. Select this button to resume the course.ResumeButtonClickedpreviousPgBtnPrevious PagePrevious. Select this button to go to the previous screen.PreviousButtonClickednextPgBtnNext PageNext. Select this button to go to the next screen.NextButtonClickedIntroductionObjectives and Topicsdisaiar02_011Welcome to the lesson on the DoD Computer Network Defense Service Provider, or CNDSP, program. When you have completed this lesson, you will be able to identify the structure of the DoD CNDSP program, the roles and responsibilities of each CND tier, and the primary CND services. There are four topics in this lesson. After completing this introduction, you will explore the roles, responsibilities, functions, and goals of CND, and you will examine the primary CND services in greater detail. Rich Media Text Description. Course: D O D Intrusion Detection System (I D S) Analysis, Part 4: C N D Analysis: Incident Response and Analysis, Lesson 2: D O D C N D S P Program. For each screen you will hear a description. The description is cued by an audio tone. Listen to the description, and then select the play audio narration button to continue. Screen 1 of 10. Lesson title: D O D C N D S P Program. Topic title: Introduction. Screen title: Objectives and Topics. Three learning objectives display in support of audio. Four topics display. The first topic is titled Introduction. The second topic is titled C N D Overview. The third topic is titled Primary C N D Services. The fourth and final topic is the Conclusion. Text displays: References to open source or freeware in this training product are for training purposes only, and should not be considered endorsements of these products. Please check with your command, service, or agency for guidance on the use of these products. The acronym C N D S P becomes a rollover that reads Computer Network Defense (C N D) Service Provider.CND OverviewCND Frameworkdisaiar02_022Within the DoD, the CND function is organized into three tiers. Tier One operates at the global level to provide DoD-wide CND operational direction, support, and situational awareness to commands, services, and agencies, or C/S/As, and to field activities through policy and other guidance. Tier One includes USSTRATCOM, USCYBERCOM, and other supporting entities. Tier Two operates regionally at the component level to provide DoD component-wide CND operational direction and support in response to direction from Tier One. It also supports Tier One through information dissemination and incident reporting. Tier Two includes multiple C/S/A and field activity CNDSPs designated by heads of components to coordinate component-wide CND. Tier Three operates locally at the enclave level to provide local CND operational direction and support in response to direction from a designated Tier Two entity. Subscribers at Tier Three deploy protection and detection TTPs and disseminate network security information, attack sensing and warning data, and other incident indicators as required by the assigned CNDSP. Tier Three includes bases, posts, camps, stations, and other entities responding to direction from a Tier Two C/S/A or field activity CNDSP, such as local control centers that manage and control information systems, networks, and services, whether deployed or fixed, at DoD installations. Screen 2 of 10. Topic title: C N D Overview. Screen title: C N D Framework. Text displays at top of screen reading C N D Framework. Three boxes display beneath text. The first box represents Tier One. The second box represents Tier Two. The third box represents Tier Three. Text displays in support of audio. The term U S strat com becomes a rollover that reads U.S. Strategic Command. The term U S cyber com becomes a rollover that reads U.S. Cyber Command. The words supporting entities become a rollover that reads as follows: Director of National Intelligence (D N I), National Security Incident Response Center (N S I R C), Intelligence Community Incident Response Center (I C I R C), Defense Criminal Investigative Organization (D C I O), National Security Agency/Central Security Threat Operations Center (N T O C), Defense Information Systems Agency (D I S A). The acronym C S A becomes a rollover that reads command, service, agency. The acronym T T Peas becomes a rollover that reads tactics, techniques, and procedures.CND Function and Goalsdisaiar02_033A primary function of CND is to provide a rapid response to network intrusions and other unauthorized activities occurring on DoD information systems and networks. The goals of incident response are to identify the extent of compromise, eradicate malicious and unauthorized activity from the affected networks, and collect indicators for detection and prevention of malicious activity on DoD networks. Screen 3 of 10. Screen title: C N D Function and Goals. Reprised image displays of basic network showing a network intrusion. Text displays in support of audio.CND ServicesOverview of CND Servicesdisaiar02_044CND Services are the actions taken to prevent or reduce the effects of computer network intrusions that may disrupt, degrade, destroy, exploit, allow unauthorized access to, or facilitate information theft from DoD computer networks, information systems, or their contents. The three primary CND services; Protect, Detect, and Respond, will be discussed in more detail on the following screens. Screen 4 of 10. Topic title: C N D Services. Screen title: Overview of C N D Services. Reprised image displays of basic network with an infected system. As infection spreads to other network components, walls appear to block spread of infection. Text displays in support of audio. Job aid icon displays. Select the job aid to open a printable job aid describing the responsibilities of each C N D service.Protectdisaiar02_055CND Protect Services include several tasks that are undertaken to ensure the security of DoD systems and networks. These tasks include management of the DoD's Information Operations Condition, or INFOCON, system, information assurance and vulnerability management, vulnerability analysis and assessments, red teaming, and malware protection services. Note that Protect Services are often proactive and may not always result from an incident. Select each task to learn more. Protectdisaiar02_05_015 All tiers are responsible for the management of the DoD's Information Operations Condition, or INFOCON, system. Managing this system requires implementation of, compliance with, and reporting on actions taken to create or enhance an information system, network configuration, or assurance posture in response to a CND alert or threat. Management of DoD INFOCON SystemPopup 1 of 5. Popup title: Management of D O D INFOCON System. Text displays in support of audio.Protectdisaiar02_05_025 Information Assurance Vulnerability Alerts, or IAVAs, provide a mechanism to inform all entities of the latest system vulnerabilities and appropriate countermeasures. Management of IAVAs is essential to improving the CND posture of the DoD. Information Assurance Vulnerability ManagementPopup 2 of 5. Popup title: Information Assurance Vulnerability Management. Text displays in support of audio.Protectdisaiar02_05_035 In conjunction with IAVAs, periodic vulnerability assessments, or VAAs, are the primary method of measuring the CND posture of DoD systems and networks. Vulnerability Analysis and AssessmentsPopup 3 of 5. Popup title: Vulnerability Analysis and Assessment. Text displays in support of audio. The acronym I A V A becomes a rollover that reads information assurance vulnerability alerts.Protectdisaiar02_05_045 Combined with VAAs, red team activities are used to assess the security posture of systems, networks, and detection capabilities and recommend improvements to information assurance and CND capabilities. Tiers 2 and 3 support this task in much the same way that they support VAAs. Red TeamingPopup 4 of 5. Popup title: Read Teaming. Text displays in support of audio.Protectdisaiar02_05_055 Provided by Tiers 2 and 3, malware protection services deploy and support anti-virus and anti-malware capabilities based on established signatures and TTPs. Malware Protection ServicesPopup 5 of 5. Popup title: Malware Protection Services. Text displays in support of audio. T T Peas becomes a rollover that reads tactics, techniques, and procedures.Screen 5 of 10. Screen title: Protect. Image displays of basic protected network. Text displays in support of audio. The following phrases become selectable as popups: Management of D O D info con system, information assurance and vulnerability management, vulnerability analysis and assessments, red teaming, malware protection services.Detectdisaiar02_066CND Detect Services provide CND network security monitoring, intrusion detection, and event analysis; attack sensing and warning; and indications and warning, all of which contribute to overall situational awareness. Select Network Security Monitoring/Intrusion Detection, Attack Sensing and Warning, and Indications and Warning to learn more. Detectdisaiar02_06_016Network security monitoring and intrusion detection services identify whether a network has been compromised, expose unauthorized activity, identify vulnerabilities, and provide direction on enhanced security guidance and methodology. Network Security Monitoring/Intrusion DetectionPopup 1 of 3. Popup title: Network Security Monitoring Intrusion Detection. Text displays in support of audio.Detectdisaiar02_06_026Attack sensing and warning, or AS&W, services give the DoD the ability to sense changes in DoD global information system and computer networks. These services include the detection, correlation, identification, and characterization of a large spectrum of intentional unauthorized activity, including computer intrusion or attack. Coupled with the notification to command and decision makers, AS&W services can help command leaders to develop an appropriate response. AS&W is enabled through a managed network of intrusion, misuse, and anomaly detection systems; supporting data fusion and analysis; diagnostics; long-term trend and pattern analysis; and warning communications channels and procedures. Attack Sensing & Warning (AS&W)Popup 2 of 3. Popup title: Attack Sensing and Warning (A S and W). Text displays in support of audio.Detectdisaiar02_06_036Indications and warning, or I&W, services give the DoD the ability to sense changes in adversary activities. These services include those intelligence activities intended to detect and report time-sensitive intelligence information on foreign developments that could involve a threat to the United States or allied military, political, or economic interests or to U.S. citizens abroad. Note that the intelligence community provides indications and warnings for foreign threats from nation states and transnational groups. Indications and Warning (I&W)Popup 3 of 3. Popup title: Indications and Warning (I and W). Text displays in support of audio.Screen 6 of 10. Screen title: Detect. Reprised image displays of basic network. Text displays in support of audio. The following phrases become selectable as popups: network security monitoring intrusion detection, attack sensing and warning (A S and W), indications and warning (I and W).Responddisaiar02_077CND Respond Services include the actions taken to report, analyze, and coordinate a response to any event or computer security incident for the purpose of mitigating any adverse operational or technical effects. Select Incident Reporting, Incident Analysis, and Incident Handling and Response to learn more. Responddisaiar02_07_017Incident reporting includes providing a well-defined framework for the timely reporting of any event or computer security incident. It provides an accurate, meaningful, and complete understanding of the incident, from initial detection to analysis and remediation. This information feeds into the User-Defined Operational Picture, or UDOP, which provides local, intermediate, and DoD-wide situational awareness of CND actions and their effects. Incident ReportingPopup 1 of 3. Popup title: Incident Reporting. Text displays in support of audio.Responddisaiar02_07_027Incident analysis identifies several critical elements of an incident to determine and characterize its possible effects on DoD networks, operational missions, and other defense programs. It relies on effective acquisition, preservation, and timely reporting of incident data. Incident AnalysisPopup 2 of 3. Popup title: Incident Analysis. Text displays in support of audio.Responddisaiar02_07_037Incident handling and response includes the coordinated development and implementation of courses of action, or COAs, that focus on containment, eradication, and recovery. It also ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and law enforcement or counterintelligence investigations. Incident Handling and ResponsePopup 3 of 3. Popup title: Incident Handling and Response. Text displays in support of audio. The acronym C O A becomes a rollover that reads course of action.Screen 7 of 10. Screen title: Respond. Reprised image displays of basic network. Text displays in support of audio. The following phrases become selectable as popups: incident reporting, incident analysis, incident handling and response.Knowledge CheckKnowledge Checkdisaiar02_088Knowledge Check1500425Includes local control centers that manage information systems at DoD installations.Tier 1 for Statement: Includes local control centers that manage information systems at DoD installations.Tier 2 for Statement: Includes local control centers that manage information systems at DoD installations.Tier 3 for Statement: Includes local control centers that manage information systems at DoD installations.Correct. CND Tier 3 includes local control centers that manage and control information systems, networks, and services, whether deployed or fixed at DoD installations.Incorrect. CND Tier 3 includes local control centers that manage and control information systems, networks, and services, whether deployed or fixed at DoD installations.Operates at the component level.Tier 1 for Statement: Operates at the component level.Tier 2 for Statement: Operates at the component level.Tier 3 for Statement: Operates at the component level.Correct. Tier 2 operates regionally at the component level to provide DoD component-wide CND operational direction and support in response to direction from Tier One.Incorrect. Tier 2 operates regionally at the component level to provide DoD component-wide CND operational direction and support in response to direction from Tier One.Includes USSTRATCOM.Tier 1 for Statement: Includes USSTRATCOM.Tier 2 for Statement: Includes USSTRATCOM.Tier 3 for Statement: Includes USSTRATCOM.Correct. Tier 1 includes USSTRATCOM and supporting entities.Incorrect. Tier 1 includes USSTRATCOM and supporting entities.Provides CND operational direction or support at the enclave level to DoD bases, posts, camps, and stations.Tier 1 for Statement: Provides CND operational direction or support at the enclave level to DoD bases, posts, camps, and stations.Tier 2 for Statement: Provides CND operational direction or support at the enclave level to DoD bases, posts, camps, and stations.Tier 3 for Statement: Provides CND operational direction or support at the enclave level to DoD bases, posts, camps, and stations.Correct. Tier 3 provides local enclave level CND operational direction and support in response to direction from a designated Tier Two entity to DoD bases, posts, camps, stations, and other entities.Incorrect. Tier 3 provides local enclave level CND operational direction and support in response to direction from a designated Tier Two entity to DoD bases, posts, camps, stations, and other entities.Includes agency and field activity CNDSPsTier 1 for Statement: Includes agency and field activity CNDSPs.Tier 2 for Statement: Includes agency and field activity CNDSPs.Tier 3 for Statement: Includes agency and field activity CNDSPs.Correct. Tier 2 includes multiple C/S/A and field activity CNDSPs designated by heads of components to coordinate component-wide CND.Incorrect. Tier 2 includes multiple C/S/A and field activity CNDSPs designated by heads of components to coordinate component-wide CND.Now check your knowledge. Screen 8 of 10. Topic title: Knowledge Check. Screen title: Knowledge Check. Knowledge check is a survey-style activity with five questions and three answer columns labeled Tier 1, Tier 2, and Tier 3. Select the best answer for each of the five questions, and then select Done. Use the keyboard to cycle through the answers.Knowledge Checkdisaiar02_099Knowledge Check1500425Giving the DoD the ability to sense changes in DoD global information system and computer networks is part of which set of CND services?
Question 1 of 3.Protect ServicesDetect ServicesRespond ServicesCorrect. Attack sensing and warning (AS&W) services give the DoD the ability to sense changes in DoD global information system and computer networks. It is part of the CND Detect Services.Incorrect. Attack sensing and warning (AS&W) services give the DoD the ability to sense changes in DoD global information system and computer networks. It is part of the CND Detect Services.Management of the DoD’s INFOCON system is part of which set of CND services?
Question 2 of 3Protect ServicesDetect ServicesRespond ServicesCorrect. The management of the DoD’s Information Operations Condition (INFOCON) system is part of the CND Protect Services.Incorrect. The management of the DoD’s Information Operations Condition (INFOCON) system is part of the CND Protect Services.Identifying critical elements of an incident is part of which set of CND services?
Question 3 of 3Protect ServicesDetect ServicesRespond ServicesCorrect. Incident analysis identifies several critical elements of an incident to determine and characterize its possible effects on DoD networks, operational missions, and other defense programs. It is part of the CND Respond Services.Incorrect. Incident analysis identifies several critical elements of an incident to determine and characterize its possible effects on DoD networks, operational missions, and other defense programs. It is part of the CND Respond Services.Now try these questions. Screen 9 of 10. Screen title: Knowledge Check. Knowledge check is a series of three multiple-choice questions, each with the same three answer options. Select the best answer, and then select Done. Use the keyboard to cycle through the answers.ConclusionSummary and Conclusiondisaiar02_1010Congratulations! You have completed the lesson on the DoD CNDSP program. You should now be able to identify the structure of the DoD CNDSP program, the roles and responsibilities of each CND tier, and the primary CND services. Screen 10 of 10. Topic title: Conclusion. Screen title: Summary and Conclusion. Congratulations text displays. Text displays in support of audio. Objectives bullets change to checkmarks in sync with audio. The acronym C N D S P becomes a rollover that reads Computer Network Defense (C N D) Service Provider.