![]() In this report, we identify recommendations from previous audits. #Dod infosec website softwareThe DoD issued policies that require DoD Components to ensure third-party service providers implement information security management practices such as conducting software inventories and deploying threat monitoring and detection capabilities.All nine DoD Components reported using capabilities to monitor its networks and systems to detect threats and data exfiltration. This includes the use of firewalls, host-based security systems, intrusion detection systems, intrusion prevention systems, and network analysis tools. The DoD uses nine capabilities for monitoring and detecting threats and data exfiltration.Although DoD did not have an agencywide policy, three DoD Components had policies for conducting inventories for software licenses. ![]() #Dod infosec website software licenseOfficials with the DoD Office of the Chief Information Officer stated that they are establishing an agencywide policy for conducting software license inventories in response to a 2014 recommendation in a Government Accountability Office report. However, the DoD did not have policy for conducting software license inventories. The DoD issued policies that require system owners to conduct inventories of software.However, the DoD audit community identified instances of DoD Components not following logical access control requirements. In addition, DoD network and system owners issued procedures for implementing logical access controls using the National Institute of Standards and Technology catalog of system and privacy controls. ![]() ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |