The purpose of this risk assessment was to identify threats and vulnerabilities related to the Department of the Army (DoA) Information Technology (IT) systems. It will be used to identify vulnerabilities in the Computer Network Defense (CND) capabilities and mitigation plans related to DoA’s IT systems. The system was recognized as potentially high-risk, as noted by the Department of Defense (DoD) Chief Information Officer (CIO) (DoD, 2012).
This risk assessment applies to all DoA Non-secured Internet Protocol Router Network (NIPRNET) and Secured Internet Protocol Router Network (SIPRNET) for Regular Army and Reserve Components. This is a major system that is used by millions of Soldiers, contractors and DA civilians worldwide. The DoA’s IT system comprises the Army Global Network Operations and Security Center (A-GNOSC), which is responsible for the Army’s day-to-day Tier 2 CND Service Provider operations.
The research methods will present both quantitative and qualitative data that identify hazards and vulnerabilities, including international-transnational terrorism and domestic terrorism, and will present an assessment of the potential risks from them. Information will be collected mainly from DoD and DA websites.
The DoD uses DODI 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), as the process for implementing Certification and Accreditation (C&A) within its information systems. The Information Assurance (IA) Controls, or security measures that must be implemented on a system, are stated in DODI 8500.2, Information Assurance (IA) Implementation. Control selection relies on the Mission Assurance Categories (MAC) and Confidentiality Levels (CL). Each Information System (IS) will be allotted a MAC level, which shows the importance of the information and is used to determine the IA controls for integrity and availability in accordance with DODI 8500.2. The MAC level will be decided by the DoD or Army through the DIACAP team (Information Assurance, 2009).
MISSION ASSURANCE CATEGORY