A Site Assistance Visit was recently conducted by the Defense Information System Agency inspectors to help prepare Scott Air Force Base for the Command Cyber Readiness Inspection, which is scheduled for Nov. 14-18.
The DISA team conducted their own evaluation of Scott’s progress, looked across all the inspection areas that are expected during the CCRI, and identified some areas for improvement.
“Some issues we had previously identified while others we simply were not tracking, and this is where we benefited from the visit,” said Maj. Jason Parker, 375th Communications Squadron commander. He said that most discrepancies could be addressed with the time remaining, and that everyone has a role in being in compliant with security requirements.
We all understand what the rules are, and we need to overcome this mindset that following proper security procedures is inconvenient. The harder it is and the more diligent we are with ensuring those security protocols are in place, the harder it’s going to be for someone who isn’t authorized access to get in.
Maj. Jason Parker, 375th Communications Squadron commander
“There are simple fixes like having stickers on phones that provide warnings of what you should or should not be talking about on an unclassified phone, verifying shredders are properly cleared for classified destruction, and ensuring all users have an incident procedures card located next to their phone, for instance,” said Parker.
In addition, there are other good practices to keep in mind leading up to the CCRI and to continue with after the inspection is done:
▪ Ensure all Common Access Cards and SIPRNET tokens are not left unattended in personal computers. They must be with you at all times;
▪ In accordance with AFMAN 33-152, digitally sign the following: emails with embedded hyperlinks, emails with attachments, emails that commit to, authorize, or deny the use of funds, and emails that stipulate an Air Force official position;
▪ Do not write down passwords;
▪ Carefully follow instructions of unit Cybersecurity Liaisons and Security Managers;
▪ Safeguard all classified systems and don’t discuss any classified information over unclassified channels;
▪ Make sure all electronic devices are marked accordingly;
▪ Follow entry control procedures; and
▪ Follow the end-of-day security checklist.
“We all understand what the rules are, and we need to overcome this mindset that following proper security procedures is inconvenient,” said Parker. “The harder it is and the more diligent we are with ensuring those security protocols are in place, the harder it’s going to be for someone who isn’t authorized access to get in.”