security blog

CNSSI 12-53: New Security Control Catalog for National Security Systems

New DIACAP Certification & Accreditation IA Controls

The DoD has had the same IA controls since DoD 8510.1-M, controls since DoD 8510.1-M, Department of Defense Information Technology System Certification & Accreditation Process (DITSCAP), July 31, 2000 – it was developed late last century.

The DoD has a total of 157 IA controls spread across 8 subject areas in 4 classes:

DC – Security Design & Configuration

IA – Identification and Authentication

EC – Enclave & Computing

EB – Enclave Boundary Defense

PE – Physical & Environmental

PR – Personnel

CO – Continuity

VI – Vulnerability

There is a huge change coming in certification & accreditation for the DoD coming. The IA controls are being expanded and changed. The last two DIACAP classes I’ve been to mentioned that there is a big change coming. Essentially, all the IA Controls (security controls, safeguards, countermeasures.. whatever your organization is calling them) are getting expanded. All federal organizations will have security controls that look more like what is in the National Institute of Standards and Technology Special Publication 800-53. This is all being placed in the Committee on National Security Systems Instruction (CNSSI) 1253. As of 25 June 2009, the CNSSI 1253 is still in draft.

The draft has 17 families & identifiers in three security control classes.

TABLE 1: SECURITY CONTROL CLASSES, FAMILIES, AND IDENTIFIERS
IDENTIFIER FAMILY CLASS

AC Access Control Technical

AT Awareness and Training Operational

AU Audit and Accountability Technical

CA Certification, Accreditation, and Security Assessments Management

CM Configuration Management Operational

CP Contingency Planning Operational

IA Identification and Authentication Technical

IR Incident Response Operational

MA Maintenance Operational

MP Media Protection Operational

PE Physical and Environmental Protection Operational

PL Planning Management

PS Personnel Security Operational

RA Risk Assessment Management

SA System and Services Acquisition Management

SC System and Communications Protection Technical

The CNSSI has about 500 controls with pretty good granularity.

One of the really cool thing about 1253 was the security control mapping. It’s a table that matches up 800-53, DCID 6/3 and DODI 8500.2.

Popularity: 1% [?]

EZ1 Rate report from a reader

Hi,
I want to apologize everyone. I am one of the employee working with EZ1 Rate. It is a Scam. Preveiouly it was Value Benefits of America and then its name got changed as Caller Advantage then Super Savings and now it is EZ1 Rate.

This company is situated in India. We r asked to take the Credit Card numbers of customers saying tht it is just an identification number but it is a very important numbers of cards.

after taking the numbers the card is charged of any amount and then after every month the card is getting charged. if u read this then pls sumone launch a complaint against this company. many r the ladies and old people who give us the credit card numbers so easily.

i m giving the name of the company who is running it is Silgate Solution. it is india one branch is in Delhi in gurgaon another 2 branches r in Mahaashtra in mumbai. if u want the complete address then check out for the silgate call center in yahoo else visit www.silgate.cc

Jack
New York, New York
U.S.A.

i found this today i had some call me to asking the same thing that you have writen in these bolgs but i am a cop so i know this was a joke so while i was on the phone i googel what he told me. there was no info of a build and a company name.dont ever gave you info ever over the phone. i called a # for reporting a a scam the are the fedrual some of such there # is 877-382-4357 call them and tell them what happen so the can find these crimanal.

Popularity: 4% [?]