NDISAC Working Groups

Capabilities, Processes & Readiness (CPR)

The NDISAC Capabilities, Processes & Readiness (CPR) Working Group helps small and medium-sized companies grow or develop cybersecurity capabilities by producing and discussing general security best practices. Members discuss effective threat intelligence sharing and develop procedures, processes and tips to help build threat intel and IR teams. Additionally, the working group works on security tool development and suggestions and general awareness to prepare for an incident (proactive instead of reactive).

Members of the CPR Working Group include those within their organization who have experience with incident response and/or threat intelligence, knowledge of their organizational security capabilities, and the ability to influence (or discuss with someone who can influence) security decisions within their organization. If you are interested in learning more or becoming a member of the CPR Working Group contact info@ndisac.org.

Cloud Identity Management

The Cloud Identity Management Working Group focuses on products and services that facilitate user identity and authentication in a secure cloud-based environment. This working group provides a discussion forum for people who are implementing, managing and/or securing such products on their networks. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Cloud Monitoring & IR Support

The Cloud Monitoring and Incident Response (IR) Working Group breaks the mold of traditional host- and network-centric monitoring, focusing rather on techniques adapted specifically for cloud. This working group develops and presents security requirements for monitoring cloud computing infrastructure, network, and host-level layers, and includes guidance for detection and incident response. Additionally, members discuss examples and lessons learned from specific implementations and vendors as opportunity allows.

The Cloud Monitoring and IR Working Group welcomes those who have experience with cloud security monitoring and incident response, including: analysts, information security engineers and practitioners – anyone who is an “in-the-weeds” IR investigator. If you are interested in learning more or becoming a member of the Cloud Monitoring & IR Working Group contact info@ndisac.org.

Cloud Security & Architecture

The Cloud Security Architecture Working Group discusses, develops and publishes recommended security architectures and settings that can be implemented to ensure the secure operation of cloud services that are subscribed to by a member organization. This can include IaaS, PaaS, and SaaS type services from CSPs. Additionally, this working group identifies security controls for common cloud services in compliance with DFARS regulations and meets best practice security for A&D industry data protection.

The Cloud Security Architecture Working Group members include practitioners responsible for cloud security implementation or architecture standards within their organization. Members should be technical security engineers familiar with hardening cloud implementations. If you are interested in learning more or becoming a member of the Cloud Security Architecture Working Group contact info@ndisac.org.

Cybersecurity Policy

The Cyber Policy Working Group focuses on communicating with the government on issues of importance to the NDISAC membership. The working group also engages the government on the impact of policy on the national defense community. While this working group partners with other working groups (i.e. Cybersecurity Standards and Regulations), the primary issue area will depend on what’s most relevant to the NDISAC. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Cybersecurity Standards and Regulations

The Cybersecurity Standards and Regulations Working Group focuses on Government actions related to DFARS Clause 252.204-7012, NIST SP 800-171 and DoD regulations impacting cybersecurity policy and operations. The working group also focuses on National Archives and Records Administration (NARA) compliance issues. In addition to discussing best practices, lessons learned and DoD strategies/publications/regulations, this working group also reviews and drafts comments for interim rules and provides an official NDISAC position for meeting these requirements. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Data Classification + DLP

The Data Classification and Data Loss Prevention (DLP) Working Group defines standards and best practices, with a primary focus on technology engineering and policy. This working group discusses vendors and offerings, engineering, and other common approaches that can be adopted by members.

The Data Classification and DLP Working Group welcomes SMEs that understand the relationship between data classification and DLP and are from organizations that already have a classification or DLP program (or both) in place. Members should have a basic understanding of technologies and capabilities underlying classification or DLP and must have some experience testing, implementing, or evaluating these technologies. Attorneys are also welcome to participate in this working group. If you are interested in learning more or becoming a member of the Data Classification & DLP Working Group contact info@ndisac.org.

Endpoint Defense

The Endpoint Defense Working Group evaluates current prevention tools and techniques that increase defensive effectiveness against attackers. This working group carefully reviews, collaborates and makes recommendations on machine learning, behavioral analysis, and other current endpoint defense solutions.

The Endpoint Defense Working Group welcomes members with thorough knowledge and experience installing and deploying endpoint protection and other information security products. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Insider Threat

The Insider Threat Working Group develops and publishes cyber operational strategies and best practices with respect to a wide range of business and risk objectives in response to cyber security threats, attacks, and vulnerabilities. This working group reviews threat intelligence from member companies and other sources, with an analytical focus on threat and risk rather than any specific threat actor.

The Insider Threat Working Group welcomes new members who have experience with insider threats, including: SMEs, cybersecurity leads, and managers. If you are interested in learning more or becoming a member of the Insider Threat Working Group contact info@ndisac.org.

International Access

The International Access Working Group focuses on international policy and regulations specifically related to technology. This working group explores ways to educate network administrators on how to securely and compliantly access systems outside the United States.

The International Access Working Group welcomes new members who have experience in international government relations and cybersecurity/technology policies and regulations. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Knowledge Management for Incident Response

The Knowledge Management for Incident Response Working Group focuses on the business process that formalizes the management and use of an enterprise’s incident response protocols. This working group also concentrates on the access and use of information assets during incident responses.

The Knowledge Management Working Group welcomes members with expertise in KM and enterprise consulting/design, configuration, development, and integration. Cybersecurity leaders, managers and enterprise SMEs are encouraged to join. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Mobility

The Mobility Working Group focuses on policies and best practices for protecting mobile devices with an emphasis on mobility as a growing vector for breaches and theft of information. This working group also reviews and recommends industry-leading initiatives and management strategies to help companies in crafting policies related to mobile devices.

The Mobility Working Group is looking for members with wide-ranging knowledge in multiple domains of information security including mobile protection and policy. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Mutual Aid Incident Response

The Mutual Aid Incident Response Working Group defines policies, procedures, and guidelines for incident response and incident response services. This working group also conducts tabletop exercises to help NDISAC member organizations prepare for an actual incident and provides guidance to member organizations on what additional skills/tools would be needed to enhance their incident response. The working group is designed to prepare members for an incident but is not a replacement for incident response services.

The Mutual Aid Incident Response Working Group includes SMEs, SOC managers, network administrators, security operations administrators, IR specialists, and threat intelligence analysts. Working group members must be adaptable to different organizational needs. If you are interested in learning more or becoming a member of the Mutual Aid Incident Response Working Group contact info@ndisac.org.

Operational Technology (OT)/Internet of Things (IoT)

The OT/IoT Working Group focuses on OT and IoT technologies with physical consequences or implications. This peer collaboration group defines standards, approaches, and guidance toward appropriate security of OT and IoT spanning a variety of business integrations (ICS, SCADA, site logistics, IoT, and other cyber-physical solutions); produces and discusses cyber-physical security best practices; and educates members on risks inherent in OT applications.

Members include those within their organization who work directly with security solutions for OT/IoT with physical implications, understand the foundational aspects of computing technologies, and have the ability to influence (or discuss with someone who can influence) security decisions within their organization. If you are interested in learning more or becoming a member of the OT/IoT Working Group contact info@ndisac.org.

Platform as a Service (PaaS)

The Platform as a Service (PaaS) Working Group focuses on reviewing and providing comment on IT Service Management products that connect the tools of legacy networks. This working group will seek ways to offer comments and observations to the manufacturers of PaaS and SaaS products so that they can better tailor products to NDISAC member companies. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

Remote Access WG Scope

The Remote Access Working Group will focus on the security and architecture of virtual private network technology, including defining standards, approaches, and guidance. The working group will develop remote access cybersecurity best practices, educate members on risks and discuss vulnerabilities and remediation techniques. The working group will also create a single online view of remote access services and help to define a common vocabulary to create a “single voice” to use with providers on security, operational issues, and enhancements.

Members include those within larger organizations who are responsible for building and influencing supplier and vendor cybersecurity risk management processes, are experienced with supplier and vendor cybersecurity risk management, and have the time and focus to help drive repeatable solutions that can be used by the NDISAC membership. If you are interested in learning more or becoming a member of the Supply Chain Working Group contact info@ndisac.org.

Social Media Security

The Social Media Security Working Group focuses on initial techniques and best practices for social media monitoring as well as helping members realize and recognize when there is a problem with social media, including:

  • Adversary targeting of employees
  • Sending messages to employees via social media
  • Social engineering practices
  • Malware delivery
  • How to possibly identify and alert on exfiltration of data

Social media security is the “new/next frontier” targeting and attack vector that has the possibility of hitting almost every kill chain phase within an organization. It is an area that security teams are just starting to learn how to deal with. The working group allows organizations to come together and discuss ideas and share knowledge about social media security.

Members include those within the organization who have the ability to initiate a social media monitoring program and those who understand how their network is set up. If you are interested in learning more or becoming a member of the Social Media Security Working Group contact info@ndisac.org.

Supply Chain

The Supply Chain Working Group assists members with the management of supply chain cybersecurity risk by developing and discussing best practices; educating organizations about supplier and vendor cybersecurity risk management; assisting with cyber assessments; and recommending tools and services to protect data in the supply chain and help suppliers be compliant.

Members include those within larger organizations who are responsible for building and influencing supplier and vendor cybersecurity risk management processes, are experienced with supplier and vendor cybersecurity risk management, and have the time and focus to help drive repeatable solutions that can be used by the NDISAC membership. If you are interested in learning more or becoming a member of the Supply Chain Working Group contact info@ndisac.org.

Security Orchestration and Response (SOAR)

The Security Orchestration and Response (SOAR) Working Group focuses on technologies that enable organizations to collect security threat data and alerts from various sources. This working group also helps to analyze and prioritize incident analysis and response procedures and reviews the threat landscape to make recommendations on where to deploy resources.

Members of the SOAR Working Group include those within their organization who have experience with orchestration tools, techniques and procedures. This could include SOAR SMEs, managers or cybersecurity leads. If you are interested in learning more or becoming a member of the SOAR Working Group contact info@ndisac.org.

Tools and Best Practices

The Tools and Best Practices Working Group oversees the development and acquisition of tools and capabilities that most effectively and efficiently meet the functional requirements of NDISAC member company end-users. This working group also conducts an annual Tools and Uses Survey. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.

User Authentication

The User Authentication Working Group focuses on the various network access methods of identifying an individual that go beyond usernames and passwords. This working group explores COTS products that can replace traditional means of end user authentication to prevent unauthorized network access.

The User Authentication Working Group welcomes new members who have experience with evaluating and developing information systems security tools. In addition, the working group members will include those who are cybersecurity leads and/or managers with responsibility for network access. If you are interested in learning more or becoming a member of this working group contact info@ndisac.org.