Clients: Case Studies

US Marine Corps

VIGNETTE

Protecting the confidentiality, integrity, availability, authentication, and non-repudiation of United States Marine Corps (USMC) networks, applications, and systems is an utmost priority. TDI recognizes and ensures that Information Assurance (IA) remains an integral part of multiple USMC program lifecycles. TDI has significant and relevant direct experience in providing IA to USMC applications, systems, and networks. TDI has or currently supports the following USMC programs: Automated Performance Evaluation System (A-PES); Optical Digital Imaging Records Management System (ODI-RMS); Joint Force Requirements Generator II (JFRG II); Marine For Life (M4L); Marine Corps Network and Infrastructure Services (MCNIS) Seat Order Management (SOM); Marine Corps Recruiting Command (MCRC) Network; Marine Corps Recruiting Information Support System (MCRISS); and Storage Retrieval Automated Tracking Integrated System (STRATIS).

For all USMC programs that TDI supports, we have successfully guided them through the Certification and Accreditation (C&A) process, obtaining and maintaining timely Authority to Operate (ATO), Interim Authority to Operate (IATO), and Authority to Connect (ATC) documentation as needed. Our experience and support for the USMC stretches far back enough to have proven useful in guiding USMC programs through both the Department of Defense (DOD) Information Technology Security Certification and Accreditation Process (DITSCAP) and Defense Information Assurance Certification and Accreditation Process (DIACAP) processes. Some of the programs required initiating the C&A process from the beginning, while others necessitated incorporating existing IA documentation and tailoring them to fit the current environment. TDI is particularly adept at using our USMC experience to efficiently, quickly, and successfully adapt to all IA situations.

In addition, TDI also manages the IAVA-compliance program on behalf of the G6 via the Operational Directives Reporting System (OPDRS). TDI personnel are members of the USMC Green Team and conduct activities such as incident handling and response. TDI provides traceability (site, user, IPA, hostname, findings, etc.) for identified Marine Corps Emergency Response Team (MARCERT) incidents and finalizes these incidents via submission of a Final Incident Report to the MCNOSC. Personal Identifiable Information (PII) spillage and/or unauthorized disclosure of PII information is handled by TDI staff.

TDI also provides technical IA services in support of network operations. TDI employees perform IA vulnerability management assessments using automated DoD approved tools to include RETINA, nMap, Host Based System Security (HBSS), Hercules, DISA Gold Disk, WebSense, GFI Languard, BelManage, Xacta, USMC IA Toolkit and Security Readiness Reviews. Manual checks are performed when automated tools are not available using DISA Security Technical Implementation Guidelines (STIGs), DISA/NSA Security Checklists, scripts and vendor best practice recommendations for specific technologies. TDI provides the system owner and technical contact remediation consulting services to resolve or mitigate open issues.

TDI also designs, tests, and implements disaster recovery plans for failure of network devices and telecommunications hardware. Moving forward, TDI will support design of a multi-site redundant solution, which will enable immediate failover and load balancing for each recruiting region and the headquarters to ensure the continuity of data availability in case of disaster.

Finally, TDI provides ongoing architectural assessments and evaluations of emergent system capabilities and user requirements to support USMC business needs. We support all activities, from identification of emergent technologies with the potential to resolve operational needs, to assessments of viable candidates to support some USMC systems' operational and technical architecture.

CASE STUDY
USMC MMSB ODI-RMS Network & Systems Engineering

TDI provides technical support to the United States Marine Corps (USMC) in the management of network assets owned by their Manpower Support Branch (MMSB). TDI consolidated MMSB's assets into a known, controlled, and well integrated set. We relied on our well defined methods for network asset management to provide solid technical support services that now afford MMSB with availability, confidentiality, and integrity; stability and security are the constant objectives of our support. TDI also provides systems engineering support that is responsible for installing, configuring, and maintaining the MMSB server farm supporting the Marine Corps ODI-RMS, Performance Evaluation System (PES), and Digital Boardroom (DBR) applications. Server maintenance includes systems operating under Windows NT, 2000, or 2003 as well as Sun and Solaris.

TDI defined a process for discovering assets, such as data network gateways, voice network gateways, commercial applications, servers, and workstations, in the MMSB network; we used our existing methods and tools such as AdRem's NetCrunch or Fluke Network's Lan MapShot Visio plug-in. TDI also supports MMSB with appropriate network configuration services and network performance tuning. As an example, we might perform the following: install username and password protection on all switches; assist with development of a physical diagram of connected devices; disable ports not needed and not in use; enable time synchronization; enable STP to prevent switching loops at layer 2; configure switch port speeds and duplex settings to match; and configure the servers and workstations to all communicate in full duplex. In short, we perform all necessary diagnostic and maintenance activity to ensure that MMSB's network is efficient, stable, and secure.

We began this effort by reviewing network architecture diagrams and designs to determine choke points, singles points of failure, and compatibility problems. TDI also physically reviewed network infrastructure and devices to determine areas for improvement. When necessary, TDI had the means to review network packet captures, firewall logs and configuration settings, switch logs and settings, and router logs and settings, to determine aberrant activity. We accomplished this by analyzing network traffic, troubleshooting anomalies, investigating packet loss, and by reviewing load, AND server and network asset configurations.

In addition, TDI provides MMSB with server maintenance and support services using a system life cycle approach. Following our standard methodology, TDI ensures that server hardware and software go through the following life cycle steps: 1) installation using baseline and build-to standards; 2) troubleshooting of installation to provide full functionality; 3) configuration; 4) operation; 5) upgrades as needed; 6) and periodic testing.

TDI also ensures that it appropriately adopted, and now manages, and improves upon the database and server backup process at MMSB. TDI relies on its experience with Sun 3800 Servers, Hitachi 9800 and Hitachi 9900 storage devices, and Veritas Volume Manager to improve upon MMSB's plan and subsequent execution of backups. Recovery services are an important corollary to backup services that TDI addresses. TDI performs data recovery and analysis including accessing data storage devices using recovery and analysis tools and techniques to recover active and deleted data from inaccessible media and deleted files. TDI also has access to high-end hardware that recovers data to the sector level of hard drives. When required, TDI can provide services to locate and recover previously inaccessible documents, files, and e-mails through computer forensic processes.

CASE STUDY
USMC Automated Performance Evaluation System Assessment

TDI supports the development of the A-PES application by providing PKI, digital certificate, and DITSCAP JITC C&A expertise.  We also provide technical security expertise for guiding security controls within development of A-PES for the USMC.  Throughout the development of A-PES, we have ensured that the associated Department of Defense and USMC security standards are thoroughly adhered to.  The final solution’s design will reflect compliance to the mandated requirements within each of those standards.  The standards that A-PES observes include the Joint Technical Architecture (JTA), Defense Information Infrastructure Common Operating Environment (DII COE), and USMC Information Technology Standards.

In addition, TDI is ensuring compliance with Marine Corps and DoD PKI Requirements such that the A-PES team integrates the USMC PKI middleware into the A-PES solution.  In doing so, A-PES provides the security components of Authentication, Authorization, and Digital Signatures to ensure Non-repudiation and Integrity.  TDI also assists with the A-PES integration with the DoD Common Access Card (CAC).

Finally, TDI is ensuring that A-PES is compliant with and attains the following certifications: Joint Interoperability Test Command (JITC); Federal Information Processing Standards (FIPS); Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP); and National Security Telecommunications and Information Systems Security Policy 11 (NSTISSP11) Common Criteria Evaluation at EAL4.  In order to meet these requirements TDI assisted with the risk assessments and security test and evaluations of A-PES.  TDI also developed the A-PES Security Plan and ultimately authored and carried through the A-PES System Security Authorization Agreement (SSAA).

CASE STUDY
USMC MMSB ODI-RMS Secure Systems Engineering

TDI provides technical support to the United States Marine Corps (USMC) in the secure management of network and server assets owned by their Manpower Support Branch (MMSB). TDI consolidated MMSB's assets into a known, controlled, and well integrated set. We relied on our well defined methods for system asset management to provide solid technical support services that now afford MMSB with availability, confidentiality, and integrity. Stability and security are the constant objectives of our support. TDI provides systems engineering support that is responsible for installing, configuring, and maintaining the MMSB server farm supporting the Marine Corps Optical Digital Interface Records Management System (ODI-RMS), Performance Evaluation System (PES), and Digital Boardroom (DBR) applications.

In addition, TDI provides MMSB with server maintenance and support services using a system life cycle approach. Following our standard methodology, TDI ensures that server hardware and software go through the following life cycle steps: 1) installation using baseline and build-to standards that emphasize security; 2) troubleshooting of installation to provide full functionality; 3) configuration; 4) operation; 5) upgrades as needed; 6) and periodic testing.

TDI also ensures that it appropriately adopted, and now manages, and improves upon the database and server backup process at MMSB. TDI relies on its experience with the SunFire line of servers, Hitachi 9900 storage devices, and Veritas Volume Manager to improve upon MMSB's plan and subsequent execution of backups. Recovery services are an important corollary to backup services that TDI addresses. TDI performs data recovery and analysis including accessing data storage devices using recovery and analysis tools and techniques to recover active and deleted data from inaccessible media and deleted files. TDI also has access to high-end hardware that recovers data to the sector level of hard drives. When required, TDI provides services to locate and recover previously inaccessible documents, files, and e-mails through computer forensic processes.

The MMSB has enjoyed an enhanced security posture of its network and server assets by employing TDI's sound methodology and approach to secure network and system management. From systems development and engineering activities, to network and server maintenance and support, TDI has provide the USMC with secure systems engineering services to ensure the availability, confidentiality, and integrity of its IT infrastructure.

CASE STUDY
USMC MCRC Intrusion Response

TDI provides comprehensive support for the Marine Corps Recruiting Command's nationwide enterprise architecture, including system architecture, administrative support, and help desk operations that support more than 6000 devices and 6500 users. This comprehensive system of support is based on the industry leading ITIL v3.0 framework. The support team provides a complete set of services that includes intrusion detection and response. The TDI Team uses Cisco CAS/CAM solutions along with CISCO MARS to monitor and maintain a robust access control and intrusion detection system to support both Wide Area and Local Area Network users. The 802.1X system is used whenever possible to provide port level security on the network. Each individual workstation is managed for intrusion detection using McAfee's Host Based Security System (HBSS). This includes all Windows XP and Vista based workstations, as well as Windows Server 2003 and Windows server 2008 server backbone. MCRC also uses Windows System Update Services (WSUS) as well as System Center Configuration Manager 2007 (SCCM) to manage and support the security, configuration, and governance process. Day to day Management of the Systems based infrastructure, utilizes Microsoft's Systems Center Operations Manager (SCOM) to provide a comprehensive means of overall enterprise situational awareness and event management.

TDI continues to provide MCRC an enhanced security posture through the use of both network and host-based security intrusion detection and response technologies and support services. TDI works closely with USMC network and security personnel to proactively monitor and protect their network and systems from malicious activity and assist them in responding to IDS alerts, to include helping educate them on understanding what the alerts mean and how to effectively respond.