College for Professional Studies
MS Computer and Information Technology
School of Computer & Information Science
Thesis - Open Access
Number of Pages
Vulnerability identification, remediation, and compliance verification within the Department of Defense (DOD) are currently inconsistent and non-integrated. The Secure Configuration Tool Suite (SCTS) solution should make significant grounds in resolving the DOD deficiency within an Enterprise-wide Information Assurance Vulnerability Management System. The professional project documented in this paper is a result of a major DOD initiative in support of the SCTS, and is comprised of 2 initiatives: the Secure Configuration Compliance Validation Initiative (SCCVI), which provides vulnerability assessment capability, and the Secure Configuration Remediation Initiative (SCRI), which provides vulnerability remediation capability. As a member of the project installation team the author performed on-site installations as required and directed. The DOD is a large organization and documenting the entire project would be beyond the scope of this professional project. Therefore, this analysis is based on a smaller scale of the initiative above. The installation of an unclassified baseline model at a pre-selected DOD command andall of its subcomponents will be utilized for this thesis. This installation will eventually be available for all DOD components to use as a lessons-learned tool and as a result these tools will be applied across the DOD Enterprise and should fully integrate IA Vulnerability identification, verification, and reporting; thus making a significant contribution to an Enterprise-wide Information Assurance Vulnerability Management System. While this project is based on actual events and efforts, in order to keep within the guidelines of non-disclosure outside of the DOD environment, specific names of commands, agencies and locations have been substituted with generic ones.
Date of Award
© Victor Lugo
All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes. The materials may not be downloaded in whole or in part without permission of the copyright holder or as otherwise authorized in the “fair use” standards of the U.S. copyright laws and regulations.
Lugo, Victor M. Jr., "Secure Configuration tool Suite Initiative" (2006). Regis University Student Publications. 343.