Maxwell to undergo DISA Enhanced Compliance Validation

Published Sept. 12, 2009
Article courtesy of the 42nd Air Base Wing

MAXWELL AIR FORCE BASE, Ala. -- Maxwell will undergo a Defense Information Systems Agency Enhanced Compliance Validation, or ECV, network inspection Sept. 28 through Oct. 2. "The ECV is very similar to an Operational Readiness Inspection, or a Nuclear Surety Inspection, of our secure and non-secure networks," said Major Gerald Yap, 42nd Communications Flight commander.

Col. Kris Beasley, 42nd Air Base Wing commander, said, "Network and information security is everyone's business. It's critical that every network user understands that their actions can have an impact across the Air Force and DoD. A vulnerability created by one is a vulnerability shared by all!"

Colonel Beasley noted that network security is a "top priority" for Air Force Chief of Staff Gen. Norton Schwartz, Air Education and Training Command Commander Gen. Stephen Lorenz, Air University Commander Lt. Gen. Allen Peck and all of Maxwell-Gunter senior leadership.

Colonel Beasley said General Schwartz emphasized this subject in his May 27 memo to all Airmen titled, "Cyberspace Operations Culture Change," in which he stated, "Our Air Force must move to a system of tight network control, personal responsibility and accountability as we execute our global mission on behalf of our Nation."

Major Yap said that while taking proper network security measures must be a part of everyone's daily routine, organizations across the base, led by 42nd CF, are taking a number of actions to prepare for the ECV. Major Yap said the 42nd CF is using DISA's security directives, known as Security Technical Implementation Guides, or STIGs, to ensure Maxwell-Gunter's networks are compliant with all Department of Defense security measures.

"We perform automated scans on the networks to find vulnerabilities. Those vulnerabilities must then be fixed either through an automated patch or through manual intervention by a client support administrator, or CSA," he said. "In addition, 42nd CF is working with outside organizations, such as the 561st Network Operations Squadron, AETC Computer Systems Squadron and Air Force Network Integration Center Scope Edge teams, to ensure that we are using the best practices, and that the portions of the Maxwell networks that are no longer locally controlled are meeting security standards."

Major Yap said base personnel must be security minded in all their actions on the network. Base network users need to log off their computers after work hours, but leave their computers turned on so they can receive automatic patches.

Additionally, classified Secret Internet Protocol Router Network, or SIPRNet, workstations need to be connected to the network every Tuesday from 8 a.m. to noon to allow for vulnerability scans and patches. Building managers need to ensure that rooms housing network equipment are properly secured and not used for storage.

And users that have vulnerabilities that can't be fixed automatically need to work with base CSAs to remedy the problems. He also noted that units who maintain and operate their own servers need to help with ECV preparation by ensuring their servers are scanned with the latest DISA "Gold Disks" which are an automated tool for checking compliance. The major said frequent communications between base units and the 42nd CF can help ensure ECV preparation tasks are on track and alleviate any misunderstandings.

"The ECV will help validate that our networks are secure and the information crossing the networks isn't compromised," Major Yap said. "Our adversaries continually try to exploit DoD networks, and we at Maxwell-Gunter need to do our part to protect the entire Global Information Grid," Major Yap said. "Network security is now a part of the Air Force mission culture."