Home : security blog

CNSSI 12-53: New Security Control Catalog for National Security Systems

New DIACAP Certification & Accreditation IA Controls

The DoD has had the same IA controls since DoD 8510.1-M, controls since DoD 8510.1-M, Department of Defense Information Technology System Certification & Accreditation Process (DITSCAP), July 31, 2000 – it was developed late last century.

The DoD has a total of 157 IA controls spread across 8 subject areas in 4 classes:

DC – Security Design & Configuration

IA – Identification and Authentication

EC – Enclave & Computing

EB – Enclave Boundary Defense

PE – Physical & Environmental

PR – Personnel

CO – Continuity

VI – Vulnerability

There is a huge change coming in certification & accreditation for the DoD coming. The IA controls are being expanded and changed. The last two DIACAP classes I’ve been to mentioned that there is a big change coming. Essentially, all the IA Controls (security controls, safeguards, countermeasures.. whatever your organization is calling them) are getting expanded. All federal organizations will have security controls that look more like what is in the National Institute of Standards and Technology Special Publication 800-53. This is all being placed in the Committee on National Security Systems Instruction (CNSSI) 1253. As of 25 June 2009, the CNSSI 1253 is still in draft.

The draft has 17 families & identifiers in three security control classes.

TABLE 1: SECURITY CONTROL CLASSES, FAMILIES, AND IDENTIFIERS
IDENTIFIER FAMILY CLASS

AC Access Control Technical

AT Awareness and Training Operational

AU Audit and Accountability Technical

CA Certification, Accreditation, and Security Assessments Management

CM Configuration Management Operational

CP Contingency Planning Operational

IA Identification and Authentication Technical

IR Incident Response Operational

MA Maintenance Operational

MP Media Protection Operational

PE Physical and Environmental Protection Operational

PL Planning Management

PS Personnel Security Operational

RA Risk Assessment Management

SA System and Services Acquisition Management

SC System and Communications Protection Technical

The CNSSI has about 500 controls with pretty good granularity.

One of the really cool thing about 1253 was the security control mapping. It’s a table that matches up 800-53, DCID 6/3 and DODI 8500.2.

Popularity: 1% [?]

EZ1 Rate report from a reader

Hi,
I want to apologize everyone. I am one of the employee working with EZ1 Rate. It is a Scam. Preveiouly it was Value Benefits of America and then its name got changed as Caller Advantage then Super Savings and now it is EZ1 Rate.

This company is situated in India. We r asked to take the Credit Card numbers of customers saying tht it is just an identification number but it is a very important numbers of cards.

after taking the numbers the card is charged of any amount and then after every month the card is getting charged. if u read this then pls sumone launch a complaint against this company. many r the ladies and old people who give us the credit card numbers so easily.

i m giving the name of the company who is running it is Silgate Solution. it is india one branch is in Delhi in gurgaon another 2 branches r in Mahaashtra in mumbai. if u want the complete address then check out for the silgate call center in yahoo else visit www.silgate.cc

Jack
New York, New York
U.S.A.

i found this today i had some call me to asking the same thing that you have writen in these bolgs but i am a cop so i know this was a joke so while i was on the phone i googel what he told me. there was no info of a build and a company name.dont ever gave you info ever over the phone. i called a # for reporting a a scam the are the fedrual some of such there # is 877-382-4357 call them and tell them what happen so the can find these crimanal.

Popularity: 4% [?]

AMERICAN ADVANTAGE Benefits address phone number

If you didn’t know, AMERICAN ADVANTAGE Benefits is a false organization doing international fraud with organizations like EZ 1 rate. They commit financial fraud and sell the personal information of unsuspecting victims.
One of my readers gave me the inside scoop on American Advantage Benefit’s real address:

630 Albert st. Oshawa Ontario,

Canada 4H4T5

AMERICAN ADVANTAGE Benefits phone number: 323-230-9576

Canada, just as I suspected.

Popularity: 8% [?]

You Hack US, We Nuke You!

The United States’ top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response.

During a press briefing on Thursday, U.S. Air Force General Kevin Chilton, who heads the U.S. Strategic Command, told reporters that top Pentagon advisors would not rule out a physical attack on any force that attacks the United States through the Internet. Currently, the military’s networks are probed thousands of times a day, but the goal of attackers seems to be espionage, not to take down critical networks, he told reporters –

– Security Focus

I don’t believe that military force is the equivalent action for a cyber attack. Arrest and/or apprehension is the physical response necessary for criminal hackers attacking from other countries. Cyber counter-attacks are the correct response for government funded & coordinated attacks.

I think if the U.S. reciprocates a cyber attack x10 when other countries are playing little games, we’d get our message across effectively. We should do so in a well funded and covert way in which the enemy has NO DOUBT that the face slap came from a U.S, hand, but no proof at all allowing plausible deniability. It should be black Ops hacks, very well coordinated, very well funded and full time.

I don’t think the US can be complacent or wrecklessly meek in matters of cyber warfare. Instead, it must be fair, quiet and heavy handed when it comes to one of its most valuable asset, information.

Popularity: 4% [?]