(.mil/.gov ONLY) The increasing technological sophistication of the Department of Defense (DoD) leads to a dependency on technology that, in turn, represents potentially crippling vulnerabilities. DoD is dependent upon advanced weapon systems and Command, Control, Communications, Computers, and Intelligence (C4I) systems throughout all mission areas from tactical to strategic. Preventing or minimizing the disruption, denial, degradation, destruction, or disclosure, of information and information systems is the objective of information assurance (IA). The process of ensuring information assurance is increasingly focused on being proactive and solving problems before they become problems. Prevention may be as simple as properly configuring a new computer’s operating system (OS). Prevention may also include reconfiguring that OS to respond to a new vulnerability and ensuring that solution is properly implemented across all potentially affected systems. Expeditious execution and compliance of verification are essential to minimize the window of vulnerability. The Defense Information Systems Agency (DISA) Information Assurance Vulnerability Alert (IAVA) process is an example of this control measure for ensuring all security patches have been applied to DoD systems in a timely manner. Commanders and leaders at every level should have a working knowledge of CM. Those charged with executing organizational Configuration Management (CM) must understand and execute the process, policies, and disciplines. This Critical Review and Technology Assessment (CR/TA) will provide both that overarching understanding of CM as well as a comprehensive examination of CM to aid the practitioners to meet the challenges of their responsibilities.
How to Obtain a Hardcopy:
Contact the CSIAC at email@example.com