SEARCH RESULTS


About CyberAssist

The Defense Industrial Base Sector Coordinating Council (DIB SCC) serves as the primary private sector policy coordination and planning entity for the DIB to discuss cybersecurity, physical security, insider threat and issues that affect the resiliency of the DIB. The DIB SCC sustains the security, resilience and critical infrastructure protection advances of the U.S. Defense Industry, both as an industry coordinating body within the DIB sector, and in partnership with the Department of Defense (DoD) as the designated Sector Specific Agency (SSA) for the DIB. The DoD’s counterpart to the SCC is the DIB Government Coordinating Council (DIB GCC).

In early 2019, the DIB SCC formed the CyberAssist Task Force to enhance oversight and supplier accountability by providing cybersecurity resources to DIB companies and suppliers of varying sizes.

CyberAssist Mission:

Provide trusted resources to assist DIB companies and suppliers of varying sizes with implementation of cyber protections, and awareness of cyber risk, regulations and accountability for their supply chain.

Problem:

Targeting of the multi-tier supply chain by cyber adversaries is an existential threat to national security and customers. New regulations, standards, technologies and evolving threats create a volume of information that is challenging for Small and Medium Businesses (SMBs) to reconcile and adopt. This makes it arduous to achieve a holistic and sustainable cybersecurity program that effectively defends their networks and supply chain.

Objectives:

    • Provide trusted resources for short and long term cyber resiliency within the DIB supply chain.

    • Deploy a platform to share awareness, threats, best practices, tools and other resources from DIB industry peers, government groups and initiatives.

    • Collaborate with industry peers, government groups, and cybersecurity organizations to provide credible resources and updates on cyber regulations, threats, trends and best practices.

AC.L2-3.1.7 Privileged Functions

CMMC Requirement AC.L2-3.1.7 – Privileged Functions: Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.

Links to Publicly Available Resources

Discussion [NIST SP 800-171 R2]
Privileged functions include establishing system accounts, performing system integrity checks, conducting patching operations, or administering cryptographic key management activities. Non-privileged users are individuals that do not possess appropriate authorizations. Circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms are examples of privileged functions that require protection from non-privileged users. Note that this requirement represents a condition to be achieved by the definition of authorized privileges in 3.1.2 (AC.L1-3.1.2).
Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Logging the use of privileged functions is one way to detect such misuse, and in doing so, help mitigate the risk from insider threats and the advanced persistent threat.

Further Discussion
Non-privileged users should receive only those permissions required to perform their basic job functions. Privileged users are granted additional permissions because their jobs require them. Privileged functions typically involve the control, monitoring, or administration of the system and its security measures. When these special privileged functions are performed, the activity must be captured in an audit log, which can be used to identify abuse. Non-privileged employees must not be granted permission to perform any of the functions of a privileged user.
This requirement, AC.L2-3.1.7, manages non-privileged users by logging any attempts to execute privileged functions. AC.L2-3.1.7 leverages AU.L2-3.3.2, which ensures logging and traceability of user actions. AC.L2-3.1.7 also extends AC.L2-3.1.2, which defines a requirement to limit types of transactions and functions to those that authorized users are permitted to execute.

AT.L2-3.2.3 Insider Threat Awareness

CMMC Requirement AT.L2-3.2.3 – Insider Threat Awareness: Provide security awareness training on recognizing and reporting potential indicators of insider threat.

Links to Publicly Available Resources

Discussion [NIST SP 800-171 R2]
Potential indicators and possible precursors of insider threat include behaviors such as: inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in behavior of team members, while training for employees may be focused on more general observations).

Further Discussion
An insider threat is the threat that an insider will use their authorized access, wittingly or unwittingly, to do harm. Insider threat security awareness training focuses on recognizing employee behaviors and characteristics that might be indicators of an insider threat and the guidelines and procedures to handle and report it. Training for managers will provide guidance on observing team members to identify all potential threat indicators, while training for general employees will provide guidance for focusing on a smaller number of indicators. Employee behaviors will vary depending on roles, team membership, and associated information needs. The person responsible for specifying insider threat indicators must be cognizant of these factors. Because of this, organizations may choose to tailor the training for specific roles. This requirement does not require separate training regarding insider threat. Organizations may choose to integrate these topics into their standard security awareness training programs.

CrowdStrike – Detecting Insider Threat Indicators

https://www.crowdstrike.com/en-us/cybersecurity-101/identity-protection/insider-threat-indicators/

This web page provides information on threat detection, common threat indicators, the importance of early detection and insider threat prevention best practices. Also included are steps an organization can follow to help detect insider threats in order to avoid a cybersecurity breach or limit the possible damage (e.g., revoking access).

Cybersecurity and Infrastructure Security Agency – Human Resources’ Role in Preventing Insider Threats

https://www.cisa.gov/sites/default/files/2024-07/hrs-role-in-preventing-insider-threats-fact-sheet_07-29-2024_508.pdf

This fact sheet identifies strategies that can be established during an employee's work lifecycle, including screening/hiring for potential negative indicators that could impact an individual's ability to safeguard CUI, continuous monitoring and training, and post-employment/termination actions including access control.