JOINT BASE SAN ANTONIO-FORT SAM HOUSTON, Texas –
From Feb. 26 to March 9, Joint Base San Antonio-Fort Sam Houston, an inspection team from the Defense Information Systems Agency, or (DISA), will conduct a Command Cyber Readiness Inspection, or CCRI, of all network systems for the JBSA-Fort Sam Houston area of responsibility.
The main focus of the inspection will be on the Nonsecure Internet Protocol Router Network, known as the NIPRNet, the Secret Internet Protocol Router Network, or SIPRNet, and supporting traditional security practices.
The agency will inspect work centers, looking for adherence to standards and will also check JBSA-Fort Sam Houston’s technical and information systems for vulnerabilities.
In addition, DISA will inspect technical and operational adherence to the Department of Defense standard practices and policies, which includes secure and non-secure cyber security network compliance and physical security practices.
In order to ensure JBSA-Fort Sam Houston passes the inspection successfully, every unit and network user has a responsibility for being knowledgeable on proper cyber security, traditional security and physical security practices.
Commanders and senior civilian leaders at all levels within their organizations are asked to check and re-check that these standards are being adhered to – down to the individual user – to ensure awareness and compliance with cyber security measures. The following are some tips network users can follow to ensure compliance success:
• Read your Acceptable Use Policy, or AUP. As users of the Army network, you sign an AUP when first being allowed access to any Army network. It contains all the basics you need to know to keep you compliant when using Government computer systems. Mobile device users are required to sign an additional AUP tailored for the device usage.
• At the conclusion of the business day, log computers off the NIPRNet system and reboot at the beginning of the next duty day ensure security patch compliance.
• Power on and log in to SIPRNet systems during mandatory SIPRNet “uptime” periods as established by the senior commander’s operation order. Staying connected during the entire period is essential to systems getting the required updates.
• Do not pass any information, especially critical operational traffic, over unclassified communications, such as phone, email, Facebook, etc.
• Remove Common Access Cards, SIPR tokens and secure all SIPR drop lockboxes and hard drives prior to leaving computers unattended.
• Do not plug unauthorized electronic devices, like thumb drives, hard drives, portable media players or cell phones into a government NIPRNet or SIPRNet computer system unless you have an approved exemption letter.
• Know who your security manager, information management officer and information assurance support officer are and how to contact them.
• Verify security clearances and escort unauthorized personnel.
• Properly safeguard classified systems to include proper completion of applicable Standard Form 700 (security container information), SF 701 (activity security checklist) and SF 702 (security container check sheet).
• Use proper document cover sheets and face your monitors away from your doors and windows to eliminate viewing by unauthorized personnel.
• Properly label disc media and have proper classification markings, such as a Department of Defense Form 2056 (telephone monitoring notification decal) on communications equipment like computers, monitors, phones, etc., in a mixed environment.
• Know how to identify and respond to a network security incident or classified message incident by using the network incident reporting aid located on the NEC Information Assurance SharePoint site at http://samhc25070:16628/IAD/SitePages/Home.aspx under the cyber security links.
• Never bring portable or wireless electronic devices within three meters of a classified system.
For more information or assistance on keeping your areas inspection ready, contact your unit’s G2/S2/security manager or your unit technical support G6/S6/information mission officer or internet assurance training officer.
• Ensure all Common Access Cards and SIPRNET tokens are not left unattended in personal computers. They must be with you at all times.
For Network Enterprise Center support, call 210-221-1599.