NDISAC Working Groups

Application Security

The Application Security Working Group will focus on the development, sharing, coordination and adoption of best practices for getting cybersecurity into enterprise software development lifecycle efforts. The working group will share best practices associated with ensuring awareness of security risks and methods to inject security into the SDLC. The Application Security Working Group will provide a forum for discussion as well as a repository for best practices for members of the NDISAC.

Capabilities, Processes & Readiness

The NDISAC Capabilities, Processes & Readiness (CPR) Working Group helps small and medium-sized companies grow or develop cybersecurity capabilities by producing and discussing general security best practices. Members discuss effective threat intelligence sharing and develop procedures, processes and tips to help build threat intel and IR teams. Additionally, the working group works on security tool development and suggestions and general awareness to prepare for an incident (proactive instead of reactive).

Members for the CPR Working Group include those within their organization who have experience with incident response and/or threat intelligence, knowledge of their organizational security capabilities, and the ability to influence (or discuss with someone who can influence) security decisions within their organization. If you are interested in learning more or becoming a member of the CPR Working Group contact info@ndisac.org.

Cloud Security & Architecture

The Cloud Security Architecture Working Group discusses, develops and publishes recommended security architectures and settings that can be implemented to ensure the secure operation of cloud services that are subscribed to by a member organization. This can include IaaS, PaaS, and SaaS type services from CSPs. Additionally, this working group identifies security controls for common cloud services that comply with DFARS regulations and meet security best practices for A&D industry data protection.

The Cloud Security Architecture Working Group members include practitioners responsible for cloud security implementation or architecture standards within their organization. Members should be technical security engineers familiar with hardening cloud implementations. If you are interested in learning more or becoming a member of the Cloud Security Architecture Working Group contact info@ndisac.org.

Cybersecurity Policy

The Cyber Policy Working Group focuses on communicating with the government on issues of importance to the NDISAC membership. The working group also engages the government on the impact of policy on the national defense community. While this working group partners with other working groups (i.e. Cybersecurity Standards and Regulations), the primary issue area will depend on what’s most relevant to the NDISAC. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Cybersecurity Standards and Regulations

The Cybersecurity Standards and Regulations Working Group focuses on Government actions related to DFARS Clause 252.204-7012, NIST SP 800-171 and DoD regulations impacting cybersecurity policy and operations. The working group also focuses on National Archives and Records Administration (NARA) compliance issues. In addition to discussing best practices, lessons learned and DoD strategies/publications/regulations, this working group also reviews and drafts comments for interim rules and provides an official NDISAC position for meeting these requirements. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Data Classification + DLP

The Data Classification and Data Loss Prevention (DLP) Working Group defines standards and best practices with a primary focus on technology engineering and policy. This working group discusses vendors and offerings, engineering, and other common approaches that can be adopted by members.

The Data Classification and DLP Working Group welcomes SMEs that understand the relationship between data classification and DLP and are from organizations that already have a classification or DLP program (or both) in place. Members should have a basic understanding of technologies and capabilities underlying classification or DLP and must have some experience testing, implementing, or evaluating these technologies. Attorneys are also welcome to participate in this working group. If you are interested in learning more or becoming a member of the Data Classification & DLP Working Group contact info@ndisac.org.

Endpoint Defense

The Endpoint Defense Working Group evaluates current prevention tools and techniques that increase defensive effectiveness against attackers. This working group carefully reviews, collaborates and makes recommendations on machine learning, behavioral analysis, and other current endpoint defense solutions.

The Endpoint Defense Working Group welcomes members with thorough knowledge and experience installing and deploying endpoint protection and other information security products. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Incident Response Best Practices

The Incident Response Best Practices Working Group focuses on the business process that formalizes the management and use of an enterprise’s incident response protocols. IR Best Practices will focus on the people, processes, and technologies that enable organizations to collect security threat data and alerts from different sources for use in preventing and responding to incidents. They help to analyze and prioritize incident analysis and response procedures. Lastly, this working group reviews the threat landscape to make recommendations on where to deploy resources. The working group will be structured to allow for the sharing of practical guidance and lessons learned from member organizations, rather than simply a collection of ideal best practices.

Insider Threat

The Insider Threat Working Group develops and publishes cyber operational strategies and best practices with respect to a wide range of business and risk objectives in response to cyber security threats, attacks, and vulnerabilities. This working group reviews threat intelligence from member companies and other sources, with an analytical focus on threat and risk rather than any specific threat actor.

The Insider Threat Working Group welcomes new members who have experience with insider threats, including: SMEs, cybersecurity leads, and managers. If you are interested in learning more or becoming a member of the Insider Threat Working Group contact info@ndisac.org.

International Access

The International Access Working Group focuses on international policy and regulations specifically related to technology. This working group explores ways to educate network administrators on how to securely and compliantly access systems outside the United States.

The International Access Working Group welcomes new members who have experience in international government relations and cybersecurity/technology policies and regulations. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Mobility

The Mobility Working Group focuses on policies and best practices for protecting mobile devices with an emphasis on mobility as a growing vector for breaches and theft of information. This working group also reviews and recommends industry-leading initiatives and management strategies to help companies in crafting policies related to mobile devices.

The Mobility Working Group is looking for members with wide-ranging knowledge in multiple domains of information security including mobile protection and policy. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Mutual Aid Incident Response

The Mutual Aid Incident Response Working Group defines policies, procedures, and guidelines for incident response and incident response services. This working group also conducts tabletop exercises to help NDISAC member organizations prepare for an actual incident and provides guidance to member organizations on what additional skills/tools would be needed to enhance their incident response. The working group is designed to prepare members for an incident but is not a replacement for incident response services.

The Mutual Aid Incident Response Working Group includes SMEs, SOC managers, network administrators, security operations administrators, IR specialists, and threat intelligence analysts. Working group members must be adaptable to different organizational needs. If you are interested in learning more or becoming a member of the Mutual Aid Incident Response Working Group contact info@ndisac.org.

Operational Technology (OT)/Internet of Things (IoT)

The OT/IoT Working Group focuses on OT and IoT technologies with physical consequences or implications. This peer collaboration group defines standards, approaches, and guidance toward appropriate security of OT and IoT spanning a variety of business integrations (ICS, SCADA, site logistics, IoT, and other cyber-physical solutions); produces and discusses cyber-physical security best practices; and educates members on risks inherent in OT applications.

Members include those within their organization who work directly with security solutions for OT/IoT with physical implications, understand the foundational aspects of computing technologies, and have the ability to influence (or discuss with someone who can influence) security decisions within their organization. If you are interested in learning more or becoming a member of the OT/IoT Working Group contact info@ndisac.org.

Platform as a Service (PaaS)

The Platform as a Service (PaaS) Working Group focuses on reviewing and providing comment on IT Service Management products that connect the tools of legacy networks. This working group will seek ways to offer comments and observations to the manufacturers of PaaS and SaaS products so that they can better tailor products to NDISAC member companies. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Red Team Working Group

The focus of the red team working group (RTWG) is to collaborate and develop effective offensive security practices to better simulate real-world attacks and provide starting points for others who may launch Red Team based projects.

The RTWG will investigate and provide documented recommendations based on the interest of the members. The following represent some of the possibilities to be discussed.

  • Baselining techniques, tactics and procedures (TTPs)
  • Adversary simulation
  • Purple team strategies
  • Red Team Infrastructure design and deployment
  • Engagement structure and guidance
  • Reporting standards
  • Automating attacks and re-tests
  • Ethics guidelines and Red Team member expectations

Remote Access

The Remote Access Working Group will focus on the security and architecture of virtual private network technology, including defining standards, approaches, and guidance. The working group will develop remote access cybersecurity best practices, educate members on risks and discuss vulnerabilities and remediation techniques. The working group will also create a single online view of remote access services and help to define a common vocabulary to create a “single voice” to use with providers on security, operational issues, and enhancements.

Social Media Security

The Social Media Security Working Group focuses on initial techniques and best practices for social media monitoring as well as helping members realize and recognize when there is a problem with social media, including:

  • Adversary targeting of employees
  • Sending messages to employees via social media
  • Social engineering practices
  • Malware delivery
  • How to possibly identify and alert on exfiltration of data

Social media security is the “new/next frontier” targeting and attack vector that has the possibility of hitting almost every kill chain phase within an organization. It is an area that security teams are just starting to learn how to deal with. The working group allows organizations to come together and discuss ideas and share knowledge about social media security.

Members include those within the organization who have the ability to initiate a social media monitoring program and those who understand how their network is set up. If you are interested in learning more or becoming a member of the Social Media Security Working Group contact info@ndisac.org.

Splunk Enterprise Security Working Group

This working group will work to identify components of Splunk Enterprise Security that have been found to be most beneficial to the members of the working group. The intent is that we would share Splunk content with group members as well as overall configurations to illustrate how we can leverage components of Splunk to best meet our collective security posture needs. Splunk ES Admin / User training has been found to be rather light on content & we would like to share what content we can. Users of Splunk Enterprise and Splunk Enterprise with Enterprise Security are welcome to join this working group. Special focus will be given to how best to automate detection, investigation, and remediation actions that can be initiated from Splunk or other integrated solutions. We will also give particular attention to when & why to use accelerated data models and share Splunk best practices to make results return faster, in more actionable formatting.

Supply Chain Risk Management

The Supply Chain Working Group assists members with the management of supply chain cybersecurity risk by developing and discussing best practices; educating organizations about supplier and vendor cybersecurity risk management; assisting with cyber assessments; and recommending tools and services to protect data in the supply chain and help suppliers be compliant.

Members include those within larger organizations who are responsible for building and influencing supplier and vendor cybersecurity risk management processes, experienced with suppliers and vendor cybersecurity risk management, and have the time and focus to help drive repeatable solutions that can be used by the NDISAC membership. If you are interested in learning more or becoming a member of the Supply Chain Working Group contact info@ndisac.org.

Tools and Best Practices

The Tools and Best Practices Working Group oversees the development and acquisition of tools and capabilities that most effectively and efficiently meet the functional requirements of NDISAC member company end-users. This working group also conducts an annual Tools and Uses Survey. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

User Authentication

The User Authentication Working Group focuses on the various network access methods of identifying an individual that go beyond usernames and passwords. This working group explores COTS products that can replace traditional means of end user authentication to prevent unauthorized network access.

The User Authentication Working Group welcomes new members who have experience with evaluating and developing information systems security tools. In addition, the working group members will include those who are cybersecurity leads and/or managers with responsibility for network access. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Vulnerability Management Working Group

The vulnerability management working group (VMWG) will explore solutions and publish guidance based on the interest of the working team in the following areas:

  • The lifecycle process to identify and classify assets
  • Key roles / comparison of methods across companies
  • Risk rating methodology
  • Emergent vulnerability response processes / tabletop exercises
  • Intelligence data sources / uses
  • Patch management scope / best practices
  • Automation of issue tracking and compliance tools
  • Partner with other working groups to integrate common areas of focus
  • How to effectively scale the risk management process to support both small and large companies

The focus of the VMWG is to stay ahead of emerging threats and vulnerabilities, share knowledge and reduce the need to invoke an incident response process.