Project: Department of Defense (DoD) Ready
Purpose
This course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.
Learning Objectives and Outcomes
Successful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:
Required Source Information and Tools
Web References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on August 26, 2020.
The following tools and resources will be needed to complete this project:
https://dodcio.defense.gov/Library/
You may consult other relevant sources, if needed. If so, include citations for those sources in the final deliverable for this report.
Deliverables
This project is divided into several parts, each with a deliverable. The first three parts are research drafts, which should include organized lists and notes gathered during research, sources, and in some cases policy drafts. These documents should be organized and readable, but are not polished reports.
Item | Deliverables |
Project Part 1 | U.S. Compliance Laws Research
Submit a draft of your research of DOD-specific requirements for an organization’s IT infrastructure and U.S. compliance laws that may affect the firm. |
Project Part 2 | Infrastructure Research A
Submit a draft of (1) which policy framework(s) will be followed for the project and (2) DoD-compliant policies, standards, and controls that affect the User, Workstation, LAN, and LAN-to-WAN Domains. |
Project Part 3 | Infrastructure Research B
Submit a bulleted list of DoD-compliant policies, standards, and controls that affect the WAN, Remote Access, and System/Application Domains. |
Project Part 4 | Final Report
Submit the final report of your class project. |
Note: Your instructor may require that this project be completed in groups. If so, select a team leader and hold weekly team meetings as a group to be sure the work is proceeding on schedule.
Scenario
You are a security professional for Blue Stripe Tech, an IT services provider with approximately 400 employees. Blue Stripe Tech partners with industry leaders to provide storage, networking, virtualization, and cybersecurity to clients.
Blue Stripe Tech recently won a large DoD contract, which will add 30 percent to the revenue of the organization. It is a high-priority, high-visibility project. Blue Stripe Tech will be allowed to make its own budget, project timeline, and tollgate decisions.
As a security professional for Blue Stripe Tech, you are responsible for developing security policies for this project. These policies are required to meet DoD standards for delivery of IT technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency.
To do this, you must develop DoD-approved policies, standards, and control descriptions for your IT infrastructure (see the “Tasks” section in this document). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies, standards, or controls in place.
Blue Stripe Tech’s computing environment includes the following:
Tasks
Submission Requirements
Self-Assessment Checklist for Final Report