Test and Development Environment

For new or major modernization projects, the Systems Integrator will establish a Test and Development Environment (TDE) that replicates the Production Environment to the highest degree possible starting with the Level 4 Workstations, Servers, software and with at least one of each of the Level 3-0 major components, devices, and actuators. At approximately the 50-75% construction complete, the TDE will be used to perform Factory Acceptance Testing (FAT) of the project to ensure the project has end-to-end functionality, has been properly configured using the Security Content Automation Protocol (SCAP) tool and the Security Technical Implementation Guides (STIGS), all patches (OS and CS) are installed and properly configured, and begin creating the artifacts for the draft System Security Plan.

At approximately 95-100% construction complete, the TDE will be used to conduct Site Acceptance Testing of the complete FRCS, and if required, Penetration testing. The SAT artifacts will be included in the final System Security Plan, FMC and Jump-Kit (if required).

The FRCS Project Team/System Integrator will transfer the TDE to the Project PM for inclusion into the Platform Enclave FRCS Operations Center.

Product List by Product and Date Posted
Product Date Posted

DHS ICS-CERT Cyber Security Evaluation Tool (CSET)

Software
test_dev_1

CSET is a free tool that can be used by any organization and has the DoD RMF process built-in to create the network architecture diagram, has a plug-in to import GrassMarlin network discovery and inventory files, and creates a Security Plan. 

May 2018

GrassMarlin

Software

GrassMarlin is a GOTS tool (free) can be used by any organization and is a passive network and discovery tool that identifies control system components and devices and creates a network architecture diagram and inventory which can be imported into the CSET or Visio tools.

May 2018

DoD Software Content Automation Protocol Tool

Software

The DoD SCAP Tool is a restricted to government employees and federal contractors and is used to perform vulnerability and compliance checks of IT systems and components using the STIGS. This tool should be used to conduct security audits if the DoD HBSS/ACAS system is not available.

Jun 2018

SamuraiSTFU

Software and Guidance

SamuraiSTFU is a COTS product (free) can be used by any organization and is a penetration testing tool. Any organization can use the tool to perform the full range of traditional IT penetration tests, but Samurai is specifically design for OT penetration testing capabilities in support of the EPRI Smart Grid and Smart Meter Penetration Testing Guides. The tool runs on VMWare. 

May 2018

Kali Linux

Software

Kali is a COTS product (free) can be used by any organization and is a penetration testing tool. Any organization can use the tool to perform the full range of traditional IT penetration tests, and it also now has several OT penetration testing capabilities. The tool runs on VMWare. 

May 2018

Glasswire

Software

Glasswire is a COTS product (free and purchase versions) can be used by any organization and is a simple but very powerful network, firewall, application, alerting and logging tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

Jun 2018

Belarc Advisor

Software

The tool is a data gathering and analysis tool for IT systems. The tool can be used in the Test and Development Environment to establish the preliminary Functional-Mission Capability Baseline and should be included on the Jump-Kit Rescue CD (if required).

May 2018

MalwareBytes

Software

MalwareBytes is a COTS product (free and purchase versions) can be used by any organization and is a simple but very powerful AV and Malware detection tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System. 

May 2018

OSForensics

Software

OSForensics is COTS product (free and purchase versions) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

May 2018

FireEye Redline

Software

FireEye Redline is COTS product (free) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

May 2018

Microsoft SysInternals Suite

Software and Guidance

The suite of tools can be used by any organization to evaluate OS and system performance and search for malware and isolate process and threads. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

May 2018

Host-Based Scanning System (HBSS) /Assured Compliance Assessment Solution (ACAS) Tools

Software

HBSS and ACAS are components of the DISA Endpoint Security Solutions (ESS) suite which is an integrated set of capabilities that work together to detect, deter, protect, and report on cyber threats across all DOD networks. The FRCS designer, construction and systems integrators will not typically have access to HBSS ACAS; CIO and DISA typically deploy the tools to the new systems being added to the DoD network.

May 2018
Share