Author name: Bruce

What is the DoD Directive 8140? DoD 8140, Cyberspace workforce will supersede DoD 8570 as the guide for selecting the personnel with the correct certifications, skills and experience. Where is the DoDD 8140.01, Cyberworkforce going? 8140 manual may mirror an ongoing initiative that has a lot more categories. Those high level categories would be under a National Initiative for Cybersecurity Education (NICE) framework: Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate. These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out. http://diarmfs.com niccs.us-cert.gov

This is Nitin  and I am the Staffing Specialist with 22nd Century Technologies  Inc. (TSCTI). We are Government Software integrators working with DoD and civilian space and are fast growing company in DoD sector with clients like US Air Force, US Navy and Army. Find more about us at www.tscti.com This is a job Opportunity from CSC (CSC – Leveraged (ITAR). Title:                                                   Unix/Windows System Admin (56162 -1) Location:                                          WICHITA  KS 67210 Duration:                                           51 W, 5 D Visa-                                                   US citizen only. Comments:      ITAR – Must be US Citizen ACTIVE Secret Security Clearance required Available as soon as possible. Preferably Local to Wichita, KS or available to travel weekly – Must be on site every week (please indicate if Local on not on submission) **No remote work acceptable – there would not be any remote access (classified area) Please ensure they can commit to ONE YEAR contract. Candidates must have Active Passport on hand. Job Description:   System Administrator – Unix/Windows with Unix (Liux SUSE) and Windows system admin skills Main Responsibilities: Provides support for moderately complex technical and team management activities related to system/database administration. Performs moderately complex systems/database administration. Monitors and tunes appropriate systems to ensure optimum level of performance. Oversees appropriate level software installations, upgrades and related software packages. Collects/Reviews system data for capacity and planning purposes. Analyzes capacity data and develops capacity plans for appropriate level enterprise-wide systems. Coordinates with management in implementing changes. Supports the design and configuration of complex system landscapes. Supports complex data/media recoverability through system backups and database archive operations. Plans, coordinates and directs appropriate level data refresh strategies. Oversees, recommends and implements appropriate level database solutions/enhancements to ensure an improvement in system reliability and performance. Oversees and applies appropriate support packages/patches to maintain system integrity.                     Thanks And Regards Nitin Intern Recruiter 22nd Century Technologies Inc (Minority, 8(A) & GSA Schedule 70 Company) CMMi Level 3, ISO 9001:2008 and SBA certified 8(a)

Title:                                     Cyber security / Information Assurance Analyst Location:                             Monterey, CA Duration:                             Full Time Client:                                  Defense Language Institute Required: Security+ Certification Active Secret security ClearanceDuties may include:•             Support an Information Systems Security, Education, Training, and Awareness Program. •             support implementation and enforcement of Information Security Policies and Procedures. •             Review and update all Information Systems Security Plans/SSPs and support certification and accreditation efforts. •             Provide technical support in the areas of vulnerability assessment, risk assessment, and security implementation. Technical Skills: Information Assurance HBSS ACAS STIG Retina, MacAfee

U.S. CITIZENSHIP IS REQUIRED ISYS Technologies is currently hiring a Security Compliance Analyst to support a government customer in Page, Arizona. Job duties will include, but may not be limited to: Perform IT security assessments and other technical evaluations, develop and implement technical processes and procedures, conduct technical vulnerability assessments, analyze vulnerabilities and develop remediation plans. Develop and maintain configuration baselines, document and implement continuous diagnostics and monitoring processes, procedures and tools, and develop recommendations for improving the o verall CRSP security and compliance posture. Provide technical assistance in the development, maintenance and implementation of IT compliance requirements. Provide version control for information, documents, software, hardware, and other services to ensure that users are provided correct and current information. Provide periodic assistance with completing data calls, analyses, or other requests for information related to IT compliance activities. Document and assess all available IT security patches for applicability to approximately 141 CRSP IT devices located across the UC Region within 30 calendar days of patch or upgrade availability. Test, document, install, and verify all security related patches and anti-virus and malware prevention updates on approximately 141 CRSP IT devices. Document compensating measures to mitigate risk exposure in any case where a security patch is not installed. Revise CRSP patch, anti-virus, malware-prevention, and vulnerability management processes and procedures. Train UC personnel on updated CRSP patch, anti-virus, and vulnerability management processes and procedures. Implement UC job plans for the updated CRSP patch, anti-virus, and vulnerability management processes and procedures. Perform and document Cyber Vulnerability Assessments on CRSP IT devices, document action plans to mitigate identified vulnerabilities and track and document the execution status of any required action plans. Convert system shared accounts on CRSP devices to individual accounts where technically feasible. Develop a process to ensure that all individual and shared account passwords are changed in accordance with IT security compliance requirements and incorporate that new process into CRSP Access Control procedures. Identify transferred and/or terminated personnel who had been granted access to embedded accounts but have since been transferred or terminated and verify that physical and system level logical access has been removed. Ensure that all individual and shared accounts that require password changes are changed in accordance with access control procedures. Establish, implement and document technical controls to ensure that individual and shared system accounts and authorized access permissions are consistent with the concept of ‘need-to-know’. Conduct IT security assessments of CRSP systems, following NIST Special Publication 800-53A guidance (current version) in support of the Annual Assurance Statement. Document comprehensive security assessment results that include a full description of the weaknesses and deficiencies discovered during an assessment, the potential for compromise, weakness impact and specific recommendations to remediate any findings.  Security assessment results must be documented in the Cyber Security Assessment Management (CSAM) system. Provide IT security expertise related to incident response, contingency plans, risk assessments and security impact analyses. Monitor, track and update Plan of Action and Milestones (POA&Ms) within CSAM. Develop and implement POA&M remediation schedules. Document Weakness Completion Verification Forms (WCVF) for POA&Ms for planned Risk Acceptance and/or closure due to remediation.   Minimum Qualifications Minimum of 5 years’ e xperience and knowledge of: Security Patch and Vulnerability Management Cyber Vulnerability Assessments on CRSP IT devises NIST Special Publication 800-53A Knowledge of ICS technology components (Remote Terminal Units(RTU), Programmable Logic Controllers (PLCs), relays, sensors, switches etc.), protocols (TCP/IP, DNS, Modbus, Profibus, Common Industrial Protocol etc.) and ICS systems (Supervisory Control and Data Acquisition (SCADA), Physical Access Control Systems (PACS)). Knowledge and experience in planning, developing, implementing, and executing IT services to support the planning, development, implementation, and execution of UCPO NERC-CIP v3 and v5 and FISMA IT security compliance activities. Operational experience with CRSP operating systems and device types to include: 65 SEL 3021 encryption devices; 2 AIX 4.3.3 FEPs; 9Solaris 8 servers; 2 Windows 2000 servers; 1 Windows 2000 workstation; 4 Windows XP workstations; 11 Windows 7 workstation; 5 Windows 2008 R2 servers; 2 RedHat servers; 10 Cisco Switches, 6 Cisco Routers, 1 Cisco PIX, 1 HP printer; 5 Lenel LNL-3300 boards; 2 Pelco DVRs; and 12 GE D20 RTUs. Security patching and vulnerability management experience to include performing assessment, testing, installation and documentation for security patch upgrades and anti-virus/malware-prevention. Experience conducting technical vulnerability assessments, analyzing vulnerabilities and developing, documenting and tracking remediation plans. Knowledge of network security architecture concepts including topology, protocols, components and principles (e.g. application of Defense-in-Depth). Experience conducting and documenting IT security control assessments that adhere to NIST Special Publication 800-53A guidance (current version). Extensive experience in completing IT security and compliance standards, plans, processes, procedures, training materials, and templates for organization-wide use. Government contracting knowledge and experience. Knowledge and expertise in applying industry-endorsed best practices, and IT security and compliance frameworks/principles to include relevant certifications. Ability to work with a range of customers or users and tec hnical personnel in a professional and courteous manner on technical and non-technical issues. ISYS Technologies is an Engineering and Information Technology Company focused on providing Services to the Federal and State Government. ISYS offers a competitive compensation program and comprehensive benefits package to our employees including Health/Dental/Vision/PTO/OT Bonus and more. ISYS Technologies is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or status as a protected veteran.   Recruiting Manager/Account Manager : ISYS Technologies 801 W. Mineral Ave #105, Littleton, CO 80120  7222 Commerce Center Drive, #108, Colorado Springs, CO 80919 Primary:  303-290-8922   Click here to view current job openings.

Defense Information Systems Agency (DISA) released the Oracle HTTP Server 12.1.3 STIG Version 1.  DISA released the Oracle HTTP Server 12.1.3 STIG Version 1.  The requirements of this STIG become effective immediately. The STIG is available on IASE at: http://iase.disa.mil/stigs/app-security/web-servers/Pages/Oracle_http.aspx

I have been doing Information Security for about 20 years and I have notice that there are not a lot of IT professionals getting into this field.  It is too bad because it is really a missed opportunity.  It is a growing industry with a need for good IT professionals. Here are few more reasons to get into it.

DISA has released the following IAVM packages: http://iase.disa.mil/stigs/Pages/iavm.aspx AIX 6.1 Ver 1, Rel 17 Apple OS 10.10 Workstation Ver 1, Rel 6 Apple OS 10.8 Workstation Ver 1, Rel 10 Apple OS X 10.9 Workstation Ver 1, Rel 7 BlackBerry 10 OS Ver 1, Rel 8 Cisco IOS Ver 1, Rel 8 HP-UX 11.23 Ver 1, Rel 17 HP-UX 11.31 Ver 1, Rel 17 MAC OS X 10.6 Ver 1, Rel 17 Oracle Linux 5 Ver 1, Rel 10 Oracle Linux 6 Ver 1, Rel 10 RHEL 5 Ver 1, Rel 17 RHEL 6 Ver 1, Rel 15 Solaris 10 SPARC Ver 1, Rel 17 Solaris 10 x86 Ver 1, Rel 17 Solaris 11 SPARC Ver 1, Rel 10 Solaris 11 x86 Ver 1, Rel 10 Windows 10 Ver 1, Rel 1 Windows 7 Ver 1, Rel 15 Windows 8 and 8-1 Ver 1, Rel 15 Windows 2008 R2 Ver 1, Rel 15 Windows 2008 Ver 1, Rel 15 Windows 2012 and 2012 R2 Ver 1, Rel 13 Windows Vista Ver 1, Rel 15 zOS Ver 6, Rel 23

DISA has developed the Draft Tanium 6.5 Security Technical Implementation Guides (STIGs) The Draft STIG is available at: http://iase.disa.mil/stigs/app-security/app-servers/Pages/index.aspx for review and comment. Please provide comments, recommended changes, and/or additions to the draft STIG by 20 January 2016 on the Comment Matrix spreadsheet, and send comments via NIPRNet email to:  disa.stig_spt@mail.mil.  Include the title and version of the STIGs in the subject line of your email.

DISA has developed the Draft Oracle Java Runtime Environment (JRE) 8 Security Technical Implementation Guides (STIGs) Version 1 The Draft STIG is available at: http://iase.disa.mil/stigs/app-security/app-security/Pages/index.aspx for review and comment. Please provide comments, recommended changes, and/or additions to the draft STIG by 15 January 2016 on the Comment Matrix spreadsheet, and send comments via NIPRNet email to:  disa.stig_spt@mail.mil.  Include the title and version of the STIGs in the subject line of your email.

DISA has developed the Draft Voice Video Endpoint SRG Version 1. The Draft SRG is available at http://iase.disa.mil/stigs/net_perimeter/telecommunications/Pages/voip.aspx for review and comment. Please provide comments, recommended changes, and/or additions to the draft SRG by 12 January 2016 on the Comment Matrix spreadsheet located at http://iase.disa.mil/stigs/net_perimeter/telecommunications/Pages/voip.aspx.  Comments should be sent via NIPRNet email to:  disa.stig_spt@mail.mil.  Include the title and version of the SRG in the subject line of your email.