cenarioYou work for a high-tech company with approximately 390 employees. Your firm recently won a large DoD contract, which will add 30% to the revenue of your organization. It is a high-priority, hi

cenario

You work for a high-tech company with approximately 390 employees. Your firm recently won a large DoD contract, which will add 30% to the revenue of your organization. It is a high-priority, high-visibility project. You will be allowed to make your own budget, project timeline, and tollgate decisions.

This course project will require you to form a team of 2 to 3 coworkers (fellow students) and develop the proper DoD security policies required to meet DoD standards for delivery of technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency. To do this, you must develop DoD-approved policies and standards for your IT infrastructure (see the “Tasks” section below). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies or controls in place.

Your firm's computing environment includes the following:

• 12 servers running Microsoft Server 2012 R2, providing the following:
  • Active Directory (AD)
  • Domain Name System (DNS)
  • Dynamic Host Configuration Protocol (DHCP)
  • Enterprise Resource Planning (ERP) application (Oracle)
  • A Research and Development (R&D) Engineering network segment for testing, separate from the production environment
  • Microsoft Exchange Server for e-mail
  • Symantec e-mail filter
  • Websense for Internet use
• Two Linux servers running Apache Server to host your Website
• 390 PCs/laptops running Microsoft Windows 7 or Windows 8, Microsoft Office 2013, Microsoft Visio, Microsoft Project, and Adobe Reader

Tasks

You should:

• Select a team leader for your project group.
• Hold weekly team meetings as a group and with your instructor to be sure your team is proceeding correctly.
• Create policies that are DoD compliant with the organization’s IT infrastructure.
• Develop a list of compliance laws required for DoD contracts.
• List controls placed on domains in the IT infrastructure.
• List required standards for all devices, categorized by IT domain.
• Develop a deployment plan for implementation of these policies, standards, and controls.
• List all applicable DoD frameworks in the final delivery document.
• Write a professional report that includes all of the above content-related items.

Although the final project report is due at the end of the course, it is recommended that you complete it at least a week early, so you have more time to study for the final exam.

Submission Requirements

• Format: Microsoft Word
• Font: Arial, Size 12, Double-Space
• Citation Style: Your school’s preferred style guide
• Length: 4–6 pages

Self-Assessment Checklist

• I developed a list of compliance laws required for DoD contracts.
• I listed controls placed on domains in the IT infrastructure.
• I listed required standards for all devices, categorized by IT domain.
• I developed DoD policies and standards for our organization’s IT infrastructure.I developed a deployment plan for implementation of these policies, standards, and controls.
• I listed all applicable DoD frameworks in the final report.
• I involved myself in each of the lessons and asked my instructor questions.
• I found additional references/resources than those provided.
• I created an academic paper describing the policies, standards, and controls that would make our organization DoD compliant.
• I submitted my work per the deliverable timeline to the instructor for monitoring and comment.