Details are being revealed about what the Department of Defense (DoD) cybersecurity scorecard 2.0 will look like and how it plans to harness automation to better protect against threats to our infrastructure.

The DoD Cyber Scorecard measures how organizations are achieving compliance with cyber basics and is regularly reported up the chain of command. This measure was developed in response to the Cybersecurity Discipline Implementation Plan which emphasizes the need for organizations across the Department to reinforce basic, pre-existing cybersecurity requirements.

The department analyzed cybersecurity incidents impacting its networks and systems and found systematic shortfalls in the ways the Department took care of its basic cybersecurity requirements. These cyber basics include things like keeping software up to date and ensuring users with extended access privileges log on in a special way.

The plans 4 main focus areas include:

  1. Ensuring Strong Authentication- How do users log onto devices and systems?
  2. Hardening Devices- Are devices properly configured and regularly updated?
  3. Reduce the Attack Surface- How many things directly connect to the public Internet?
  4. Detecting and Responding to Potential Intrusions- Can cyber defenders to their jobs?

The first version of the cybersecurity scorecard was developed to help senior leaders get a better understanding of where their agencies are at when it comes to protecting networks. DoD hopes to turn that scorecard into an actionable plan and systems to help boost defenses systems.

DoD Deputy CIO for Cybersecurity, Ed Brindley, says the DoD wants Scorecard 2.0 to integrate automation on the frontend and backend of systems, with hopes of using the automatic collection of data to collect cybersecurity hygiene trends about an agency of service. Scorecard 2.0 is said to be more about automated reporting and looking at things like heat maps to better understand threats.

Acting Director of Cybersecurity and Information Assurance for the Army CIO Col. Donald Bray insists that the technology to achieve this exists; it’s just a matter of monitoring and updating the cyber controls they use as systems continue to face new risks and threats.

NNT suggests getting the cybersecurity basics covered, harnessing automation to assess vulnerabilities and remediate them, and implementing the NIST 800-53 Security Controls. NNT Change Tracker uses a continuous monitoring approach to provide integrity verification in real-time, providing audit trail evidence and alerts in line with 800-53.

 

Speak to a consultant to help you in your NIST 800-53 compliance program today!

Contact Us

 

 

NNT Products
USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: 1-888-898-0674
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
Connect
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2018, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.