For mobile, landscape view is recommended.
For new or major modernization projects, the Systems Integrator will establish a Test and Development Environment (TDE) that replicates the Production Environment to the highest degree possible starting with the Level 4 Workstations, Servers, software and with at least one of each of the Level 3-0 major components, devices, and actuators. At approximately the 50-75% construction complete, the TDE will be used to perform Factory Acceptance Testing (FAT) of the project to ensure the project has end-to-end functionality, has been properly configured using the Security Content Automation Protocol (SCAP) tool and the Security Technical Implementation Guides (STIGS), all patches (OS and CS) are installed and properly configured, and begin creating the artifacts for the draft System Security Plan.
At approximately 95-100% construction complete, the TDE will be used to conduct Site Acceptance Testing of the complete FRCS, and if required, Penetration testing. The SAT artifacts will be included in the final System Security Plan, FMC and Jump-Kit (if required).
The FRCS Project Team/System Integrator will transfer the TDE to the Project PM for inclusion into the Platform Enclave FRCS Operations Center.
|
Product |
Date Posted |
|
DHS ICS-CERT Cyber Security Evaluation Tool (CSET) CSET is a free tool that can be used by any organization and has the DoD RMF process built-in to create the network architecture diagram, has a plug-in to import GrassMarlin network discovery and inventory files, and creates a Security Plan. |
May 2018 |
|
GrassMarlin is a GOTS tool (free) can be used by any organization and is a passive network and discovery tool that identifies control system components and devices and creates a network architecture diagram and inventory which can be imported into the CSET or Visio tools. |
May 2018 |
|
Glasswire is a COTS product (free and purchase versions) can be used by any organization and is a simple but very powerful network, firewall, application, alerting and logging tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System. |
Jun 2018 |
|
The tool is a data gathering and analysis tool for IT systems. The tool can be used in the Test and Development Environment to establish the preliminary Functional-Mission Capability Baseline and should be included on the Jump-Kit Rescue CD (if required). |
May 2018 |
|
MalwareBytes is a COTS product (free and purchase versions) can be used by any organization and is a simple but very powerful AV and Malware detection tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System. |
May 2018 |
|
OSForensics is COTS product (free and purchase versions) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. |
May 2018 |
|
FireEye Redline is COTS product (free) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. |
May 2018 |
|
The suite of tools can be used by any organization to evaluate OS and system performance and search for malware and isolate process and threads. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. |
May 2018 |
|
Host-Based Scanning System (HBSS) /Assured Compliance Assessment Solution (ACAS) Tools HBSS and ACAS are components of the DISA Endpoint Security Solutions (ESS) suite which is an integrated set of capabilities that work together to detect, deter, protect, and report on cyber threats across all DOD networks. The FRCS designer, construction and systems integrators will not typically have access to HBSS ACAS; CIO and DISA typically deploy the tools to the new systems being added to the DoD network. |
May 2018 |