Incident Response Procedures Manual

Background:
Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon Sifers-Grayson and its lab operations. The company is now required to comply with NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply with provisions of the Defense Federal Acquisition Regulations (DFARS), including section 252-204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson SCADA Lab and the Sifers-Grayson R&D DevOps lab, is protected from unauthorized disclosure. This technical information includes software designs and source code for systems and devices that Sifers-Grayson builds or supports.

The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner. As part of the reporting requirements, Sifers-Grayson must provide documentation about its Incident Response Processes and Procedures. The procedures that you develop for this project will become part of the contractually required documentation.

Vendor documentation for Windows 8.1, Windows 10, and other utilities and applications explains how to use various features, tools, and utilities. During an incident, however, responders may not have time to search vendor websites or the Internet for information about tools and tool usage procedures. For this reason, customized incident response procedures are required to ensure that response is timely and that all incident responders have the information needed to execute their tasks.

Assess and document tools to be used by the Sifers-Grayson Incident Response Team during the preparation, detection, containment, eradication, and recovery phases of the Incident Response Process (as defined in NIST SP 800-61r2). The deliverable for this assignment is a set of three customized procedures suitable for inclusion in the Sifers-Grayson Incident Response Procedures Manual.