FEBRUARY 18, 2016, SAN DIEGO (NNS) – To ensure critical warfighting capabilities can operate, fight, and win in a contested cyber environment, the Navy has finalized the first eight in a series of more than two dozen planned foundational cybersecurity standards that govern the vast majority of the sea services’ systems and programs.
The Information Technology/Information Assurance Technical Authority Board (IT/IA TAB) developed these cybersecurity standards to provide a uniform security architecture framework, including the consistent application of security controls, for Department of the Navy afloat, ashore, aviation and space systems.
The Space and Naval Warfare Systems Command (SPAWAR), as the Navy’s information assurance technical authority, finalized* the following cybersecurity standards:
. Host Level Protection
. Network Firewall
. Network Intrusion Detection Systems and Intrusion Protection Systems
. Defense in Depth Functional Implementation Architecture
. Security Information and Event Management Implementation
. Information Security Continuous Monitoring
. Boundary Protection
. Vulnerability Scanning
*Note: the Navy cybersecurity standards are available in their entirety only to U.S. government organizations and authorized industry companies.
According to SPAWAR Commander Rear Adm. David Lewis, “Our intent in publishing these standards is for them to be included in design requirements, development and production contracts, and any other technical or engineering artifacts that touch on or influence cybersecurity designs for our various computer-based systems.”
The standards are a key element of the Navy’s strategy for cyber, including the Cybersafe initiative, which protects the Navy’s ability to operate in cyberspace by focusing on mission assurance of critical warfighting components.
The cybersecurity standards apply to all Navy IT systems, which include business systems; command and control systems; combat systems; weapon systems; navigation systems; machinery control systems; hull, mechanical and electrical systems; and propulsion systems.
These standards build upon existing, publicly available National Institute of Standards and Technology (NIST) cybersecurity standards, with additional information for Navy-specific implementation. They have been approved through the IT/IA TAB, which consists of experts at SPAWAR, the Naval Sea Systems Command, the Naval Air Systems Command, the Naval Supply Systems Command and the Naval Facilities Engineering Command. Other Navy and Marine Corps organizations are participating in the standards development process.
“These standards are subject to periodic review and update,” Lewis added. “Both as NIST issues changes to the underlying standards and as we decide to make changes based on lessons learned during implementation.”
