NOT MEANT TO BE A SURPRISE
It's no secret that my (this is Neal) first priority has been solidifying IEW's cybersecurity compliance. Over the past several months I put together a wish list of changes either required or supporting that effort. I recently handed the list over to Jim Garoutte, who is making the changes. One way you can tell he visited your site is that it requests the date of your annual cybersecurity refresher. Just put it in once, and it won't bother you about it until next year.
The list of changes is rather long. They include
--Granting access to the Information System Security Officer and Information System Security Manager (ISSO and ISSM). This consists of adding user groups for ISSO and ISSM.
(IMPORTANT NOTE: I mistakenly specified the addition of an account for the person identified at the time as our ISSO. I will go in and disable this account from your system myself if you have one.)
--Requiring date of last CyberChallenge training to maintain permissions
--Setting accounts to deactivate after 35 days without a login
--Enforcing Password Requirements
--Creating redirect pages for COVID-19 and SOS information. These pages exist to direct the Digital Garrison mobile app to your EXISTING coronavirus and Survivor Outreach Services pages. See the last bulletin for more information: https://home.army.mil/imcom/index.php/contact/webmaster-1/bulletin/moveable-pandemic
Other changes on the list that will take more time:
-- Create sitewide audit/logging system, User Session recording: We gather all this stuff in logs. We are building a system to convert data into information so we can police bad actors in our system.
-- Sitewide FOUO / PII filter and AURLL enforcer: This protects the system by preventing accidental upload of content we are not allowed to have.
-- Garrison FOIA page template, Garrison privacy page template, and other "Mad-Lib" boilerplate.
DID YOU SAY INSPECTION?
I plan review all garrison sites within the next month. I'll primarily be looking for how the Tiered Menu Layout works today, but I also intend to re-establish the naming conventions to make it easier for the Digital Garrison app to interact with IEW. More to come.
DID YOU MENTION DIGITAL GARRISON?
Yes. We owe you an update. There have been several changes to the requirements we need to meet before we release. Expect more info in a separate bulletin this week.
FOR THE RECORD
On Wednesday, June 10, we received the first reports of files not appearing on home.mil after being loaded to homeadmin. By Thursday we had almost two dozen sites reporting. Shelby made it his (and AAG's) first priority, and by Thursday night they traced the issue to an expired internal password. They fixed it and set up monitors for all internal password expirations. Everythimg should function properly.