Navy finalizes cyber standards for industry

Navy finalizes cyber standards for industry

To ensure its IT systems can successfully operate in a contested cyber environment, the Navy has finalized eight cybersecurity standards that aim to provide a uniform security architecture for its systems  afloat, ashore, in the air and in space.

These finalized standards -- the first in a series of more than two dozen planned -- govern:

  • Host-level protection
  • Network firewall
  • Network intrusion detection systems and intrusion protection systems
  • Defense-in-depth functional implementation architecture
  • Security information and event management implementation
  • Information security continuous monitoring
  • Boundary protection
  • Vulnerability scanning

“Our intent in publishing these standards is for them to be included in design requirements, development and production contracts, and any other technical or engineering artifacts that touch on or influence cybersecurity designs for our various computer-based systems,” said Rear Adm. David Lewis, commander of the Space and Naval Warfare Systems Command.

The new standards will apply to all Navy IT systems -- including business, command and control, combat, weapon, navigation, machinery control, hull, mechanical, electrical and propulsion systems -- and will be built upon the National Institute of Standards and Technology cybersecurity standards.  

In line with the Navy’s CyberSafe initiative that manages cybersecurity of Navy networks, platforms and systems, the newly announced standards are to be a key element in protecting the Navy’s cyberspace operations. 

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

Featured

  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected