
DCBP-1 Best Security Practices


Overview

The DoD information system security design incorporates best security practices such as single sign-on, PKE, smart card, and biometrics.

MAC: MACI, MACII, MACIII (no CONF level specified)
Impact: Medium
Subject Area: Security Design and Configuration

Details

Threat
Organizations not leveraging best practices for security are not utilizing lessons learned from previous security efforts. These organizations run the risk of repeating historical errors and wasting money on duplication of effort while needlessly introducing preventable vulnerabilities into the IS. Utilizing best security practices ensures information systems within the DoD are aligned with tested and validated practices.

Guidance
1. The DoD information system security design shall incorporate best security practices such as single sign-on, PKE, smart card, and biometrics.
2. Best Security Practices are compiled by government, industry, academia, (or collaborations between all three) to document those security practices that have a proven record of success when applied to appropriate technologies or situations. These Practices should be used in as many cases as practical.

References

  • DISA Network Infrastructure STIG, Version 5, Release 2, 29 September 2003
  • DISA Network Infrastructure Security Checklist, Version 5, Release 2.2, 23 September 2004
  • DoD IA Strategic Plan, Version 1, Release 1, January 2004
  • Carnegie Mellon Software Engineering Institute, Capability Maturity Model® Integration (CMMISM), Version 1, Release 1, CMMISM for Systems Engineering, Software Engineering, and Integrated Product and Process Development (CMMI-SE/SW/IPPD, Version 1, Release 1) Continuous Representation, CMU/SEI-2002-TR-003, ESC-TR-2002-003, December 2001
  • DoDD 8000.1, Management of DoD Information Resources and Information Technology, 27 February 2002
  • CJCSI - Information Assurance (IA) and Computer Network Defense (CND)