Module 01 Content

profilepaupol2004
CRSS_InitialPOAM.xlsx

Closed POA&M Items

FedRAMP Plan of Action and Milestones (POA&M) Template
CSP System Name Impact Level POAM Date
Text Text Low, Moderate, High Date
POAM ID Controls Weakness Name Weakness Description Weakness Detector Source Weakness Source Identifier Asset Identifier Point of Contact Resources Required Overall Remediation Plan Original Detection Date Scheduled Completion Date Planned Milestones Milestone Changes Status Date Vendor Dependency Last Vendor Check-in Date Vendor Dependent Product Name Original Risk Rating Adjusted Risk Rating Risk Adjustment False Positive Operational Requirement Deviation Rationale Supporting Documents Comments
V-001 IA-2 Authentication only takes place by single mechanism Users are only required to enter a password for access to domain assets. Interviews, and policy investigations. N/A Domain Wide Director of Systems and Architecture Domain modifications and group policy edits Implemented two factor authentication system. Users were enrolled in new two factor system and issued RSA token devices that auto generates a number to append to their password. 20160821 20170324 N/A N/A N/A N/A N/A N/A Moderate Moderate No No No N/A None None
V-002 IA-3 Rogue devices are allowed access to the network This weakness can be exploited on the wired network via physical access (plugging-in) and the wireless network, if wifi password is known. Testing, Wireless scans and physically plugging into wired network. N/A Entire CRSS network, administrative and secure networks. Sr. Network Administrator None It has been found that the border firewall meets NIST standards, phyiscal access to the CRSS campus is limited by guards and NIST approved physical access controls, and wifi logon is controled by Domain Authentication, which is now two factor. 20160821 20170511 N/A N/A N/A N/A N/A N/A Moderate Low Yes No No N/A None None
V-003 IA-5 Lack of Authentication Mangement CRSS only utilizes single factor authentication and the Help Desk has a process for resetting a user's password. The user is given a temporary password (over the phone, via email, or in person). Interviews and policy review N/A Entire Domain Director of Systems and Architecture None A web portal has been established for password changes and all password requests will be directed to this portal. With the new two factor authentication and issuance of RSA token devices, a procedure has been established to decomission lost and stolen devices and issue a new device. 20160821 20170502 N/A N/A N/A N/A N/A N/A Low Moderate Yes No No N/A None None
V-004 AC-5 Domain Administrator accounts have full domain acess Systems Administrators have full Domain access; inluding access to local logs, account modifications, and domain configurations Interviews, which led to investigations on Primary Domain Controller. N/A Domain Wide Director of Systems and Architecture Nothing beyond existing Created multiple accounts with various levels of access which are logged in the local domain event logs. Domain administrator account has a random password that has been secured in a safe. No account belongs to the domain or enterprise administrator group. Specialized Security groups have been created for varying levels of access. 20160821 20170211 N/A N/A N/A N/A N/A N/A High High No No No N/A None None
V-005 PE-13 Halon 1301 is currently deployed in the main data center as the fire supression system Halon has been identified as an Ozone depleating substance in 1994 and new production has been banned by the EPA. They current supply cannot be replensihed from new sources and only from recycled methods. Physical inspection of data center N/A Data Center fire supression system Director of Systems and Architecture None This weakness has been accepted, since Halon is safe to electrical equipment and has a low toxicity for humans. It has been determined to keep the existing system in place and find spare Halon from recycled systems. 20160821 20160923 N/A N/A N/A N/A N/A N/A Low Low No No No N/A None None
V-006 RA-5 Lack of strong scans being perfromed. , Interviews, Inspection of reports N/A Nessus server Information Security Officer SIEM, Splunk licensing and hardware The Nessus server has been moved to a secure portion of the network and access has been limited to a specific security group. The Nessus server can reach hosts via specialized firewall rules into the Administration and Classified Networks. An information security analyst has been tasked to monitor scan reports for bad data. Credentialed scans have not been implemented due to security concerns raised by data stakeholders. 20160821 20170612 N/A N/A N/A N/A N/A N/A Moderate Moderate No No No N/A None None