This document is the updated Manageable Network Plan Teaser providing highlights of the Manageable Network Plan.

02 November 2016 2 page(s) pdf

This is a technical document/manual for use by DoD, government, and industry ICS owners and operators. It provides methodologies to collect and analyze host and network data on ICS networks in  order to baseline and secure these infrastructures.

01 November 2016 99 page(s) pdf

Web browsers must be updated on a frequent basis in order to resist highly-scalable, low cost attacks. This document provides a per-browser approach for administrators to keep each major browser updated. Technical details provided in this guide are subject to change as operating systems and browser software evolve, but the overall strategies are likely to remain consistent.

14 October 2016 6 page(s) pdf

Defenders must raise the cost for an adversary to obtain high-value domain credentials after an initial intrusion. One such way is through a dedicated administrator workstation for performing highly-privileged tasks subsequently referred to as a Secure Administrator Workstation (SAW). SAWs address credential theft techniques by limiting highly-privileged credentials to specific hardened systems. This guide will help DoD administrators configure a...

27 July 2016 8 page(s) pdf

This document serves as an appendix to the “Seven Steps to Defend Industrial Control Systems” document, providing additional conceptual-level guidance on implementing application whitelisting.
Application Whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries. The static nature of some industrial control system (ICS) components, such as database servers and human-machine interfaces, makes these ideal candidates to...

01 April 2016 7 page(s) pdf

This document provides a high-level description of new security features in Windows 10 for senior technology leaders. It describes how these features disrupt attacker tools, techniques, and procedures used against National Security Systems today.

24 February 2016 2 page(s) pdf

This document outlines several techniques that utilize functionality available within the Microsoft Windows operating system to establish an operational foundation ('position zero') of ICS/SCADA servers and workstations.

09 February 2016 24 page(s) pdf

Securing Industrial Control Systems (ICSs) against the modern threat requires well-planned and well-implemented strategies. This paper presents seven steps that can be implemented today to counter common exploitable weaknesses in "as-built" control systems.

23 December 2015 7 page(s) pdf

This document provides guidance on configuring Adobe Reader DC in a Windows environment. Adobe Reader DC is the latest version of Adobe Reader and replaces Adobe Reader XI. The “DC” in the title stands for “Document Cloud” which refers to the cloud based features introduced in Adobe Reader DC.

02 December 2015 13 page(s) pdf

A Manageable Network Plan is a series of milestones that can take an unmanageable, insecure network and make it more defensible, more secure and more manageable. Because the plan is intended to be a long-term solution, implementing milestones may require additional resources and time. Once manageable, your network can be secured more efficiently and effectively.

01 December 2015 58 page(s) pdf

The second in a series, this document focuses on system security within a "closed" ICS perimeter. It provides a systematic approach for implementing the access control concept of Least Privilege.

01 October 2015 17 page(s) pdf

The fourth in a series, this document focuses on implementing a secure ICS network management program through comprehensive network management policies and procedures. An effective network management program is an essential element of maintaining the security posture of critical ICS networks.

01 October 2015 16 page(s) pdf

This paper focuses on using the built-in tools already available in the Microsoft Windows operating system (OS). Central event log collection requires a Windows Server operating system version 2003 R2 or above. Many commercially available tools exist for central event log collection. Using a Windows Server 2008 R2 or above server version is recommended. There are no additional licensing costs...

07 August 2015 54 page(s) pdf

Microsoft®’s Enhanced Mitigation Experience Toolkit (EMET) is an enhancement to the Windows® operating system that stops broad classes of malware from executing. EMET implements a set of anti-exploitation mitigations that prevent the successful exploitation of memory corruption vulnerabilities in software, including many zero-day and bu er over ow attacks.

01 October 2014 12 page(s) pdf

This document contains Frequently Asked Questions regarding EMET

01 October 2014 8 page(s) pdf

Microsoft®’s Enhanced Mitigation Experience Toolkit (EMET) is an enhancement to the Windows® operating system that stops broad classes of malware from executing. EMET implements a set of anti-exploitation mitigations that prevent the successful exploitation of memory corruption vulnerabilities in software, including many zero-day and bu er over ow attacks.

01 October 2014 12 page(s) pdf

This document provides security guidance for network administrator to assist in the initial out-of-the-box configuration of Cisco Adaptive Security Appliance (ASA) 5500 Next Generation Firewalls (software version 9.1). The guidance provided is based on a basic and simplistic security policy for common network architectures; however, the concepts discussed may be applied to complex policies and networks. It is the responsibility...

10 September 2014 22 page(s) pdf

This document discusses mitigations administrators can deploy, in the interim, to reduce PtH’s effectiveness by addressing some of the properties it depends upon.

19 November 2013 17 page(s) pdf

This document includes information for using Adobe’s Customization Wizard (CW) or Microsoft’s PowerShell to configure the necessary settings for uniform distribution of the software throughout an enterprise or on a standalone system. Appendix A lists all of the ARXI security-related settings with recommendations for the environments that should configure those settings.

12 July 2013 20 page(s) pdf

This guide is meant to assist United States government and Department of Defense Windows system administrators deploy BIOSes to their enterprise client systems that support signed BIOSes and signed BIOS update mechanisms but do not have signed BIOSes installed by default due to these systems predating the NIST SP 800-147 standard. Vendors that implement signed BIOses currently ship systems with...

16 November 2012 32 page(s) pdf

This paper contains deployment guidance, recommended policies, and technical details for United States government and Department of Defense administrators who want to use the enterprise version of the Google Chrome web browser in their Windows Active Directory domain. Chrome 20.0.1132.47,

22 October 2012 37 page(s) pdf

This document provides security-related usage and configuration recommendations for Apple iOS devices such as the iPhone, iPad, and iPod touch.

28 March 2012 37 page(s) pdf

This document describes a procedure using Adobe Acrobat Professional X to redact information from PDF documents. The original source of the document can be any application, but the process described applies to documents that are already in PDF.

22 November 2011 13 page(s) pdf

The purpose of this guide is to provide security configuration recommendations for the Red Hat Enterprise Linux (RHEL) 5 operating system. The guidance provided here should be applicable to all variants (Desktop, Server, Advanced Platform) of the product. Recommended settings for the basic operating system are provided, as well as for many commonly-used services that the system can host in...

26 August 2011 200 page(s) pdf

This paper tries to help identify and explain the security risks (positive and negative) with REST, to facilitate development of more robust REST solutions.

25 March 2011 19 page(s) pdf

Vulnerability Technical Reports such as BIND 9 Security provide our customers with value-added information regarding a plethora of technologies. These reports identify vulnerabilities and provide recommendations to improve or eliminate the identified vulnerabilities. These reports also prioritize vulnerabilities and identify future initiatives in that particular technology arena. BIND is an open-source Domain Name Server (DNS) software package from the Internet...

14 February 2011 15 page(s) pdf

This guide highlights many of the new security features in Windows 7, just one of the many commercial operating systems available.

06 October 2010 2 page(s) pdf

This publication is the first in a series intended to help Industrial Control System (ICS) owners and operators in need of improving the security posture of their systems. This document will focus the reader on aspects of network security and give them a framework for assessing their current operational risk. It will then offer the reader a quantifiable approach to...

20 August 2010 18 page(s) pdf

Software Restriction Policies (SRP) enables administrators to control which applications are allowed to run on Microsoft Windows. SRP is a feature of Windows XP and later operating systems. It can be configured as a local computer policy or as domain policy using Group Policy with Windows Server 2003 domains and later. Using this guide, administrators can configure SRP to prevent...

01 August 2010 19 page(s) pdf