CLIENT STORY
A unified combatant command within the Department of War (DoW) provides global air, land, and sea mobility to move troops, equipment, and supplies for military operations worldwide. It ensures the Joint Force can meet the nation’s security objectives at all times. The command uses its DoW Ports, Protocols, and Services Management (PPSM) framework to bolster the cybersecurity posture of the IT infrastructure. The framework requires documenting all open ports, protocols, and services, frequently using tools like the Assured Compliance Assessment Solution (ACAS).
PROBLEM
PPSM compliance entails identifying applications, protocols, and services according to governance outlined in the Department of Defense Instruction 8551.01. The command completed its PPSM port scan comparisons reactively, either as an authority to operate (ATO) requirement or upon customer request. Worse still, port scan comparisons and their results were standalone findings, compartmentalized within the associated program of record (POR) and PPSM personnel.
As the PPSM program gained more focus and attention, so did requests for PPSM-wide information. To compile such results, the command had to research each PPSM registry individually. Moreover, once an ATO or customer-requested PPSM port scan comparison was complete, the open and unregistered ports it found, whether few or many, were typically not seen again until the next ATO or customer request. Positive or negative patterns could not be identified in a timely fashion.
Governance and cybersecurity compliance instructions require a proactive, trackable approach to minimize open and unregistered ports across networks. Also, Security Control Assessors (SCAs) need current and accurate port-scan comparisons to make informed ATO decisions.
SOLUTION
Electrosoft developed a proactive, organization-wide monthly tracker for the command. The tracker combines elements of Teams, Planner, and Excel to document the status of 42 Nonclassified Internet Protocol Router (NIPR) and 16 Secret Internet Protocol Router (SIPR) PPSM registries. The SIPR registries are completed the first week of each month; the NIPR registries are completed the second week.
Using ACAS weekly scans, we first identify which ports are open or unregistered. Next, we ascertain why they are open or unregistered. We compile these scans and comparisons to assist the command with future ATOs, proactively noting the program’s security posture in terms of compliance and noncompliance.
Beyond tracking open and unregistered ports on a monthly basis, the tracker follows trends in program-wide unregistered ports with metrics and capabilities spanning several programs. This trend analysis substantially improves compliance with DoD Instruction 8551.01 and established metrics.
RESULTS/BENEFITS
In its first six months, the tracker solution reduced open and unregistered ports in the NIPR PPSM registries by 78.29 percent. Within SIPR registries, it achieved a 50 percent reduction.
Notably, when the command Chief Information Security Officer (CISO) requested an urgent PPSM review of all registries for a banned port, we were able to respond within minutes because we had just completed the monthly NIPR and SIPR port scan comparisons. Because the tracker contained historical information, we could show that the banned port was not found in any previous ACAS weekly scan results.
Our trend analysis also helped two entities realize their ports were not adequately documented. They subsequently coordinated with the PORs to properly register those ports, helping to ensure the security of the IT infrastructure.
The monthly tracker will provide long-term data integrity for future ATOs, Plans of Action and Milestones (POAMs), and PPSM conditions approved by SCAs. A future version of the tracker is planned. It will show a program’s progress over the time mandated in the ATO package, POAM, or condition. These actions will strengthen secure, uninterrupted access to DoW IT resources and critical applications.