Project Assignment: Department of Defense (DoD) Ready
Purpose
This course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.
Learning Objectives and Outcomes
Successful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:
• Evaluate compliance laws relevant to the U.S. Department of Defense.
• Assess policy frameworks appropriate for an organization in a given scenario.
• Evaluate security controls and standards for the seven domains of a typical IT infrastructure.
• Develop DoD-compliant policies for an organization's IT infrastructure.
Required Source Information and Tools
Web References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on August 26, 2020.
The following tools and resources will be needed to complete this project:
• Course textbook
• Internet access
• DoD instructions or directives
• Risk Management Framework (RMF) for DoD Information Technology (IT).
• U.S. Department of Defense (DoD) Chief Information Office Library
• Department of Defense Information Security Program.
• Department of Defense Internet Services and Internet-Based Capabilities.
You may consult other relevant sources, if needed. If so, include citations for those sources in the final deliverable for this report.
Scenario
You are a security professional for Blue Stripe Tech, an IT services provider with approximately 400 employees. Blue Stripe Tech partners with industry leaders to provide storage, networking, virtualization, and cybersecurity to clients.
Blue Stripe Tech recently won a large DoD contract, which will add 30 percent to the revenue of the organization. It is a high-priority, high-visibility project. Blue Stripe Tech will be allowed to make its own budget, project timeline, and tollgate decisions.
As a security professional for Blue Stripe Tech, you are responsible for developingsecurity policies for this project. These policies are required to meet DoD standards for delivery of IT technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency.
To do this, you must develop DoD-approved policies, standards, and control descriptions for your IT infrastructure (see the "Tasks" section in this document). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies, standards, or controls in place.
Blue Stripe Tech's computing environment includes the following:
1. 12 servers running the latest edition of Microsoft Server, providing the following:
• Active Directory (AD)
• Domain Name System (DNS)
• Dynamic Host Configuration Protocol (DHCP)
• Enterprise resource planning (ERP) application (Oracle)
• A research and development (R&D) engineering network segment for testing, separate from the production environment
• Microsoft Exchange Server for email
• Email filter
• Cloud-based secure web gateway (web security, data loss protection, next-generation firewall, cloud application security, advanced threat protection)
2. Two Linux servers running Apache Server to host your website
3. 400 PCs/laptops running Microsoft Windows 10, Microsoft 365 office applications, and other productivity tools
Task
• Develop a list of compliance laws required for DoD contracts.
• Determine which policy framework(s) will be used for this project.
• List controls placed on domains in the IT infrastructure.
• List required standards for common devices, categorized by IT domain.
• Develop DoD-compliant policies for the organization's IT infrastructure.
• Describe the policies, standards, and controls that would make the organization DoD compliant.
• Develop a high-level deployment plan for implementation of these polices, standards, and controls.
• Write a professional report that includes all of the above content-related items and citations for all sources.
Format your assignment according to the give formatting requirements:
• The answer must be using Times New Roman font (size 12), double spaced, and typed, with one-inch margins on all sides.
• The response also includes a cover page containing the student's name, the title of the assignment, the course title, and the date. The cover page is not included in the required page length.
• Also include a reference page. The references and Citations should follow APA format. The reference page is not included in the required page length.