Command Cyber Readiness Inspection set for April 24-May 5

ABERDEEN PROVING GROUND, Md. – Cybersecurity is everyone’s responsibility. APG will undergo a Command Cyber Readiness Inspection, a thorough review of the installation’s cyber readiness status from Monday, April 24, through Friday, May 5.

The Defense Information Systems Agency performs this technical and operational inspection on behalf of the United States Cyber Command. CCRI scores determine a Department of Defense site’s authority to operate the network.

Much of the CCRI will focus on the APG Non-classified Internet Protocol Router Network and Secure Internet Protocol Router Network environments and their associated cybersecurity posture. The inspection also examines the traditional security of APG Army tenants and individual users.

“[The CCRI] is a snapshot in time of the security posture of a site,” explained Information System Security Manager Jason Dirla with the U.S. Army Communications-Electronics Command.

In-person inspection  

Information technology specialist and CCRI lead Tarra Williams, with the Mid-Atlantic Regional Network Enterprise Center, said this is the first in-person CCRI since the COVID-19 pandemic.

“This [inspection] will be boots on the ground,” Williams said. “There will be 13 people who are coming and will be actually visiting the tenants.”

Williams asked the APG workforce to cooperate with the inspectors and not disagree on findings on the spot. A dedicated team will revisit any findings after the CCRI. “We are all on the same team,” she said.

“It [a finding] is not to take a personal ding on you; it to help us be compliant,” she explained.

Remaining in a state of readiness   

Williams said a new operation order is coming that will mandate the CCRI will take place every two years instead of every three years. She said the APG workforce must always be mindful of security, not just during the CCRI.

“[This change] is about remaining in a state of readiness versus trying to get ready,” Williams said.

Dirla said it’s good practice for personnel to look for items like old slides, other documents and compact discs that are no longer needed and shred them.

Common findings 

An unattended Common Access Card or SIPRNet token is a common and automatic finding. These items should always be within arm’s length.

Williams said people will often walk away from their desks to talk to a co-worker or go to the printer and forget to take their CAC or SIPRNet token with them. The workforce is reminded to constantly remain vigilant.

Dirla said an unattended CAC logged into a machine is considered a category one finding, which is -the most severe.

“That is a pretty big finding and could impact the score heavily if you get enough of those,” he said.

Williams and Dirla said the APG workforce must cover their camera when it is not in use on their government-furnished laptop, which can be covered with a sticky note, Williams explained.

“It is a vulnerability if you have the camera where it is accessible,” she said. “Covering it, ensures it is not on or somehow being active or compromised.”

Another common finding is having trash, like candy wrappers, in the shredding recycle bin. Also putting Personal Identifiable Information in the recycle bin.

If you suspect a threat to your system    

If you suspect a threat to your system, disconnect your system from the network immediately. Contact your dedicated security manager, cybersecurity manager or information management staff directly. Don’t shut down or reboot your computer and never attempt to investigate the cause of suspicious activity yourself.

At APG, call the Cybersecurity Incident Response Team Hotline at 410-306-3700.