April 23, 2014 -- Rarely do organizations excel in their first command cyber readiness inspection. Their facilities might rate well but their technology lags, or vice versa. Top ratings come over time.
Then there is the Marine Corps Enterprise Information Technology Services. MCEITS might have surprised even itself in March with an overall excellent rating in its initial CCRI. This was a formal inspection of the Kansas City, Mo.-based organization conducted by Defense Information Systems Agency under the direction of U.S. Cyber Command’s Enhanced Inspection Program.
“We did a lot of hard work to get this rating,” said Lt. Col. Ross Monta, product manager for Marine Corps Enterprise Services. “Now we have to maintain what we achieved.”
MCEITS is part of part of Information Systems and Infrastructure at Marine Corps Systems Command. It enables access to Marine Corps enterprise data, information, applications and services. MCEITS also provides a collaborative information‐sharing environment across the business and warfighting domains.
Dan Corbin, ISI program manager, called the CCRI “a very arduous information assurance inspection.”
Monta agreed. He said the inspection was a huge step for MCEITS, which only reached initial operational capability in 2011. It's systems were “turned on” in late 2012 with its first software applications only coming on line in 2013.
“To the Marines in the fleet, the inspection results validate the abilities and security of the enterprise hosting facility. This, in turn, ensures the viability and security of our Marines’ pay, promotion and training systems,” Monta said. “While Marines are winning our nations battles, they don't have to worry about whether or not their pay is deposited; their promotion information is at the board or any other business function. This is one more way the Marine Corps supports them so they can focus on their primary mission.”
The CCRI is a five-day comprehensive, graded inspection involving all cyber security areas including leadership management, physical security, administration, training, network configuration, network operations, and human factors and command operational behavior.
The objective is to ensure Department of Defense networks comply with directives and guidance, or as a Chief of Naval Operations stated, “This program will ensure the health and security of Navy networks."
The CCRI verified that, barely past start-up stage, the MCEITS is in good health.
“Usually the security facilities do well in an inspection, but the applications don’t rate as well,” Monta said. “In our case, the applications also did well, making the Marine Corps Enterprise Network more secure.”
He added that MCEITS will not rest on its laurels—nor can it afford to. Rather than several weeks or months’ heads up, future CCRIs will be no-notice. Inspectors can return any time, Monta said, and MCEITS will be ready when they do.