TINKER AIR FORCE BASE, Okla. -- An inspection team from the Defense Information Systems Agency will conduct a Command Cyber Readiness Inspection Dec. 10-14 of all network systems in the Tinker Air Force Base area of responsibility.
The main focus of the CCRI will be on the Nonsecure Internet Protocol Router Network, the Secure Internet Protocol Router Network, as well as supporting traditional security practices. The agency will inspect work centers, looking for adherence to standards and will also check Tinker AFB’s technical and information systems for vulnerabilities.
In addition, DISA will inspect technical and operational adherence to the Defense Department standard practices and policies, which includes secure and non-secure cybersecurity network compliance and physical security practices. In order to ensure Tinker AFB passes the inspection successfully, every unit and network user has a responsibility for being knowledgeable on proper cybersecurity, traditional security and physical security practices. Commanders and senior civilian leaders at all levels within their organizations are asked to check and re-check that these standards are being adhered to — down to the individual user — to ensure awareness and compliance with cybersecurity measures. The following are some tips network users can follow to ensure compliance success:
Cybersecurity
• Read the Acceptable Use Policy. As users of the Air Force Network, you sign an AUP upon logging into any DOD network. It contains all the basics you need to know to keep you compliant when using government computer systems. Mobile device users are required to sign an additional AUP tailored for the device usage.
• At the conclusion of each duty day, reboot NIPRNet systems to ensure security patches are appropriately applied.
• Power on and log in to SIPRNet systems during mandatory SIPRNet “uptime” periods, every Tuesday and Wednesday. Ensuring these systems stay connected during the entire period is essential to getting required updates.
• Do not pass any information, especially critical operational traffic, over unclassified communications, such as phone, email, Facebook, etc.
• Remove Common Access Cards, SIPRNet tokens and secure all SIPRNet computers and hard drives prior to leaving computers unattended.
• Do not plug unauthorized electronic devices, like thumb drives, hard drives, portable media players or cell phones into a government NIPRNet or SIPRNet computer system unless you have an approved exemption letter.
Traditional Security
• Know who your security manager, information management officer and information assurance support officer are and how to contact them.
• Verify security clearances and escort unauthorized personnel in controlled areas.
• Properly safeguard classified systems to include proper completion of applicable Standard Form 700 Security Container Information, SF 701 Activity Security Checklist and SF 702 Security Container Check Sheet.
• Use proper document cover sheets and face monitors away from doors and windows to eliminate viewing by unauthorized personnel.
• Properly label disc media and have proper classification markings, such as a DOD Form 2056 Telephone Monitoring Notification decal on communications equipment like computers, monitors, phones, etc., in a mixed classification environment.
• Know how to identify and respond to a network security incident or classified message incident by using the Computer Emergency Response Aid located at: https://wwwmil.tinker.af.mil/ccri2018/files/QuickResponseAid_v2018.pdf
A copy of this aid should be posted by every computer terminal.
• Never bring portable or wireless electronic devices within three meters of a classified system.
For more information or assistance on keeping your areas inspection-ready, contact your unit’s security manager or your unit cybersecurity liaison.
• Ensure all Common Access Cards and SIPRNet tokens are NEVER left unattended in personal computers. They must be with you at all times.
For CCRI related issues, contact the Vulnerability Management team at 72ABW.TinkerVulnerability.Management@us.af.mil.