Navy finalizes cyber standards for industry
- By Mark Pomerleau
- Feb 19, 2016
To ensure its IT systems can successfully operate in a contested cyber environment, the Navy has finalized eight cybersecurity standards that aim to provide a uniform security architecture for its systems afloat, ashore, in the air and in space.
These finalized standards -- the first in a series of more than two dozen planned -- govern:
- Host-level protection
- Network firewall
- Network intrusion detection systems and intrusion protection systems
- Defense-in-depth functional implementation architecture
- Security information and event management implementation
- Information security continuous monitoring
- Boundary protection
- Vulnerability scanning
“Our intent in publishing these standards is for them to be included in design requirements, development and production contracts, and any other technical or engineering artifacts that touch on or influence cybersecurity designs for our various computer-based systems,” said Rear Adm. David Lewis, commander of the Space and Naval Warfare Systems Command.
The new standards will apply to all Navy IT systems -- including business, command and control, combat, weapon, navigation, machinery control, hull, mechanical, electrical and propulsion systems -- and will be built upon the National Institute of Standards and Technology cybersecurity standards.
In line with the Navy’s CyberSafe initiative that manages cybersecurity of Navy networks, platforms and systems, the newly announced standards are to be a key element in protecting the Navy’s cyberspace operations.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.