Scenario
You are a security professional for Blue Stripe Tech, an IT services provider with approximately 400 employees. Blue Stripe Tech partners with industry leaders to provide storage, networking, virtualization, and cybersecurity to clients.

Blue Stripe Tech recently won a large DoD contract, which will add 30 percent to the revenue of the organization. It is a high-priority, high-visibility project. Blue Stripe Tech will be allowed to make its own budget, project timeline, and tollgate decisions.

As a security professional for Blue Stripe Tech, you are responsible for developing security policies for this project. These policies are required to meet DoD standards for delivery of IT technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency.

To do this, you must develop DoD-approved policies, standards, and control descriptions for your IT infrastructure (see the “Tasks” section in this document). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies, standards, or controls in place.

Blue Stripe Tech’s computing environment includes the following:

12 servers running the current edition of Microsoft Windows Server, providing the following:
Active Directory (AD)
Domain Name System (DNS)
Dynamic Host Configuration Protocol (DHCP)
Enterprise resource planning (ERP) application (Oracle)
A research and development (R&D) engineering network segment for testing, separate from the production environment
Microsoft Exchange Server for email
Email filter
Cloud-based secure web gateway (web security, data loss protection, next-generation firewall, cloud application security, advanced threat protection)
Two Linux servers running Apache HTTP Server to host your public website
400 PCs/laptops running Microsoft Windows 10, Microsoft 365 office applications, and other productivity tools
Tasks
Develop a list of compliance laws required for DoD contracts.
Determine which policy framework(s) will be used for this project.
List controls placed on domains in the IT infrastructure.
List required standards for common devices, categorized by IT domain.
Develop DoD-compliant policies for the organization’s IT infrastructure.
Describe the policies, standards, and controls that would make the organization DoD compliant.
Develop a high-level deployment plan for implementation of these policies, standards, and controls.
Write a professional report that includes all of the above content-related items and citations for all sources.

Sample solution

Dante Alighieri played a critical role in the literary world through his poem the Divine Comedy, written in the 14th century. The poem comprises Inferno, Purgatorio, and Paradiso. The Inferno describes the nine circles of torment found within the earth. It depicts the realms of the people who have gone against spiritual values and who, instead, have chosen bestial appetite, violence, or fraud and malice. The nine circles of hell are limbo, lust, gluttony, greed, wrath, heresy, violence, fraud, and treachery. The purpose of this paper is to examine Dante's Inferno from the perspective of its portrayal of God's image and the justification of hell.

In this epic poem, God is portrayed as a super being guilty of multiple weaknesses, including being egotistic, unjust, and hypocritical. Dante depicts God as more human than divine by challenging God's omnipotence. Additionally, the manner in which Dante describes Hell fully contradicts the morals of God as written in the Bible. When God arranges Hell to flatter Himself, He commits egotism, a sin common among human beings (Cheney, 2016). The weakness is depicted in Limbo and at the Gate of Hell where, for instance, God sends those who do not worship Him to Hell. This implies that failure to worship Him is a sin.

God is also depicted as lacking justice in His actions, which removes the godly image. The injustice is portrayed by the manner in which the sodomites and opportunists are treated. The opportunists are subjected to banner chasing in their lives after death, followed by being stung by insects and maggots. They are known to have done neither good nor bad during their lifetimes and, therefore, justice could have demanded that they be granted a neutral punishment for having lived a neutral life. The sodomites are also punished unfairly by God when Brunetto Latini is condemned to hell despite being a good leader (Babor, McGovern, & Robaina, 2017). While he committed sodomy, God chooses to ignore all the other good deeds that Brunetto did.

Finally, God is also portrayed as being hypocritical in His actions, a sin that further diminishes His godliness and makes Him more human. A case in point is when God condemns the sin of egotism and goes ahead to commit it repeatedly. Proverbs 29:23 states that “arrogance will bring your downfall, but if you are humble, you will be respected.” When Slattery condemns Dante’s human state as being weak, doubtful, and limited, he is proving God’s hypocrisy because He is also human (Verdicchio, 2015). The actions of God in Hell as portrayed by Dante are inconsistent with the Biblical literature. Both Dante and God are prone to making mistakes, something common among human beings thus making God more human.

To wrap it up, Dante portrays God as more human since He commits the same sins that humans commit: egotism, hypocrisy, and injustice. Hell is justified as a destination for victims of the mistakes committed by God. Hell is presented as a totally different place from what is written about it in the Bible. As a result, reading the text gives an image of a God who is prone to the very mistakes common to humans, stripping Him of His lofty divine status and, instead, making Him a mere human. Whether or not Dante did it intentionally is subject to debate, but one thing is clear in the poem: the misconstrued notion of God is revealed to future generations.

 

References

Babor, T. F., McGovern, T., & Robaina, K. (2017). Dante's Inferno: Seven deadly sins in scientific publishing and how to avoid them. In Addiction Science: A Guide for the Perplexed (p. 267).

Cheney, L. D. G. (2016). Illustrations for Dante's Inferno: A comparative study of Sandro Botticelli, Giovanni Stradano, and Federico Zuccaro. Cultural and Religious Studies, 4(8), 487.

Verdicchio, M. (2015). Irony and desire in Dante's Inferno 27. Italica, 285-297.

Report: Securing Blue Stripe Tech’s DoD Contract: Compliance and Implementation

1. Introduction:

  • Briefly describe Blue Stripe Tech and the newly acquired DoD contract.
  • State the purpose of the report: to develop and implement DoD-compliant security policies, standards, and controls.
  • Outline the report’s structure.

2. Compliance Laws Required for DoD Contracts:

  • Federal Information Security Modernization Act (FISMA):
    • Requires federal agencies, and contractors operating systems on their behalf, to develop, document, and implement an agency-wide information security program built on NIST standards and guidelines.
  • Defense Federal Acquisition Regulation Supplement (DFARS):
    • Clause 252.204-7012 requires contractors that handle covered defense information to implement NIST SP 800-171 and to report cyber incidents to DoD within 72 hours of discovery.
    • Clauses 252.204-7019 and -7020 require a current NIST SP 800-171 assessment score in the Supplier Performance Risk System (SPRS) before award; clause 252.204-7021 imposes CMMC.
  • National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171:
    • Provides the requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations (Rev. 2: 110 requirements in 14 families).
  • Cybersecurity Maturity Model Certification (CMMC):
    • A verification mechanism to ensure appropriate levels of cybersecurity practices and processes are implemented. Level 1 covers the 15 basic safeguarding requirements of FAR 52.204-21 for Federal Contract Information (FCI); Level 2 covers the 110 NIST SP 800-171 requirements for CUI.
  • Health Insurance Portability and Accountability Act (HIPAA):
    • Applies only if protected health information is handled under the contract.
  • Federal Records Act (FRA):
    • Applies if the contract involves managing federal records.
  • Privacy Act of 1974:
    • Applies if personal information about individuals is handled on behalf of the agency.
  • Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR):
    • Apply if export-controlled technical data is involved; ITAR data additionally restricts access to U.S. persons, which affects account provisioning and support staffing.

3. Policy Framework(s) Selection:

  • NIST Cybersecurity Framework (CSF):
    • Provides the risk-management structure (Govern, Identify, Protect, Detect, Respond, Recover in CSF 2.0) under which the policies are organized.
    • Aligns well with DoD requirements and NIST SP 800-171.
  • NIST Special Publication (SP) 800-53:
    • Provides the catalog of security and privacy controls for federal information systems and organizations.
    • NIST SP 800-171 is tailored from the SP 800-53 moderate baseline, so 800-53 supplies the control language, enhancements, and the "NFO" controls that 800-171 assumes a nonfederal organization already has in place (for example, policy and procedure controls).
  • CMMC Framework:
    • Used to verify, through assessment, that the implemented controls meet the level the contract requires; it is the assessment model, not a separate control set.
  • Justify the selection based on DoD requirements and industry best practices.

4. Controls Placed on Domains in the IT Infrastructure:

  • Active Directory (AD):
    • Multi-factor authentication (MFA). NIST SP 800-171 3.5.3 requires MFA for local and network access to privileged accounts and for network access to all accounts, so MFA on privileged accounts alone does not satisfy it.
    • Least privilege: tiered administration, no daily-use accounts in Domain Admins, and Microsoft LAPS for local administrator passwords.
    • Security auditing and centralized logging of logon, account-management, and Group Policy changes (3.3.1).
    • Group Policy enforcement of the hardening baseline.
    • Password policy: complexity and reuse prohibition (3.5.7, 3.5.8) and account lockout (3.1.8). Forced periodic rotation is no longer recommended by NIST SP 800-63B; rotate on suspected compromise instead.
  • DNS:
    • DNSSEC signing for public authoritative zones and validation on internal resolvers.
    • DNS query and audit logging forwarded to the SIEM.
    • Zone transfers restricted to the listed secondary servers, or disabled.
  • DHCP:
    • DHCP snooping on access switches to block rogue DHCP servers.
    • MAC address filtering only as an inventory aid; MAC addresses are trivially spoofed, so 802.1X network access control is the actual admission control.
    • Separate scopes per network segment, with reservations for servers and infrastructure.
  • ERP (Oracle):
    • Encryption of data at rest (Transparent Data Encryption) and TLS for client and application connections; role-based database access.
    • Application security testing of customizations and integrations.
    • Timely application of Oracle Critical Patch Updates.
  • Email (Exchange Server):
    • TLS for mail in transit; S/MIME or an equivalent message-level control where CUI must leave the organization.
    • SPF, DKIM, and DMARC on the organization's domains, plus spam and phishing filtering.
    • Data loss prevention (DLP) policies for CUI and FCI.
  • Web Servers (Linux/Apache):
    • Placement in a DMZ; the public site should hold no CUI.
    • Web application firewall (WAF).
    • Regular vulnerability scans (3.11.2) with prompt remediation.
    • TLS 1.2 or later with FIPS-validated cipher suites; SSL and earlier TLS versions disabled.
    • Intrusion detection/prevention systems (IDS/IPS).
  • PCs/Laptops (Windows 10):
    • Endpoint detection and response (EDR).
    • Full disk encryption (BitLocker with TPM).
    • Regular patch management.
    • Antivirus and anti-malware software.
    • Standard (non-administrator) user accounts and control of removable media (3.8.7).
  • R&D Network Segment:
    • Network segmentation from the production network, with a firewall between the two.
    • Strict access control; no CUI on test systems unless they are inside the assessed boundary.
    • Logging and monitoring of all activity.
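As an added example, not part of the original page, the following PowerShell script spot-checks several of the domain controls listed above and tags each result with the NIST SP 800-171 requirement it supports. It assumes it is run with Domain Admin rights on a Windows Server that is both a domain controller and a DNS server, so the ActiveDirectory and DnsServer RSAT modules are available. The thresholds (14-character minimum, 24-password history, at most 10 enabled Domain Admins) are illustrative values chosen for this example, not figures from the page.

```powershell
#Requires -Modules ActiveDirectory, DnsServer
# Added example (not from the original page): spot-check several AD, DNS and
# endpoint controls and tag each with the NIST SP 800-171 requirement it
# supports. Run as a Domain Admin on a DC that also runs the DNS role.
[CmdletBinding()]
param(
    [int]$MinPasswordLength     = 14,  # assumption: 3.5.7 only demands "minimum complexity"
    [int]$MinPasswordHistory    = 24,  # assumption: 3.5.8 only demands "a specified number of generations"
    [int]$MaxPrivilegedAccounts = 10   # assumption: a least-privilege sanity ceiling for ~400 staff
)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding {
    param([string]$Control, [string]$Requirement, [bool]$Pass, [string]$Detail)
    $findings.Add([pscustomobject]@{
        Control     = $Control
        Requirement = $Requirement
        Result      = $(if ($Pass) { 'PASS' } else { 'FAIL' })
        Detail      = $Detail
    })
}

# 1. Domain password policy: complexity (3.5.7), reuse (3.5.8), lockout (3.1.8).
$pol = Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser
Add-Finding 'AD password complexity' '3.5.7' ($pol.ComplexityEnabled -and $pol.MinPasswordLength -ge $MinPasswordLength) "Complexity=$($pol.ComplexityEnabled) MinLength=$($pol.MinPasswordLength)"
Add-Finding 'AD password reuse'      '3.5.8' ($pol.PasswordHistoryCount -ge $MinPasswordHistory) "History=$($pol.PasswordHistoryCount)"
Add-Finding 'AD account lockout'     '3.1.8' ($pol.LockoutThreshold -gt 0) "LockoutThreshold=$($pol.LockoutThreshold)"

# 2. Privileged accounts: headcount (3.1.5) and smart-card enforcement, the
#    AD-native MFA signal (3.5.3). MFA brokered by a cloud IdP is invisible here.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties Enabled, SmartcardLogonRequired
$enabledAdmins = @($admins | Where-Object { $_.Enabled })
Add-Finding 'Privileged account count' '3.1.5' ($enabledAdmins.Count -le $MaxPrivilegedAccounts) "$($enabledAdmins.Count) enabled members of Domain Admins"
$noMfa = @($enabledAdmins | Where-Object { -not $_.SmartcardLogonRequired })
Add-Finding 'Smart card required for privileged accounts' '3.5.3' ($noMfa.Count -eq 0) $(if ($noMfa.Count) { 'Missing on: ' + ($noMfa.SamAccountName -join ', ') } else { 'enforced on all' })

# 3. DNS zone transfers: flag any primary zone that will transfer to any server (3.4.6).
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        Add-Finding "DNS zone transfer ($($_.ZoneName))" '3.4.6' ($_.SecureSecondaries -ne 'TransferAnyServer') "SecureSecondaries=$($_.SecureSecondaries)"
    }

# 4. Full-disk encryption of this host's system drive (3.13.16, CUI at rest).
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Add-Finding 'BitLocker on system drive' '3.13.16' ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'On') "Status=$($vol.VolumeStatus) Protection=$($vol.ProtectionStatus)"
} catch {
    Add-Finding 'BitLocker on system drive' '3.13.16' $false "BitLocker cmdlets unavailable: $($_.Exception.Message)"
}

$findings | Format-Table -AutoSize -Wrap
$failed = @($findings | Where-Object { $_.Result -eq 'FAIL' }).Count
Write-Host "$failed of $($findings.Count) checks failed"
exit [int]($failed -gt 0)
```

The script exits non-zero when any check fails, so it can run from a scheduled task and feed the continuous-monitoring phase of the deployment plan. A PASS on the smart-card check only shows that AD enforces a second factor for those accounts; if MFA is delivered another way (for example, FIDO2 keys through a cloud identity provider), evidence for 3.5.3 has to come from that system instead.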

5. Required Standards for Common Devices (Categorized by IT Domain):

  • Servers (Windows Server/Linux):
    • Hardening baselines from DISA STIGs or CIS Benchmarks. NIST SP 800-171 3.4.1 and 3.4.2 require a documented, enforced baseline but do not supply one.
    • Regular security patching.
    • System hardening: unneeded roles, services, ports, and protocols removed (3.4.6).
    • Log management with defined retention and forwarding to the SIEM.
  • Network Devices (Routers, Switches, Firewalls):
    • DISA STIG configuration for each device family, mapped to the NIST SP 800-53 CM and SC control families.
    • Firewall rule management with default-deny and periodic rule review (3.13.6).
    • Intrusion detection/prevention.
    • Network segmentation (user, server, R&D, and DMZ zones).
  • Endpoints (PCs/Laptops):
    • CIS Benchmark or DISA STIG for Windows 10.
    • Endpoint protection platform with EDR.
    • Mobile device management (MDM) policies.
    • Data at rest and data in transit encryption using FIPS 140-validated modules (3.13.11).
  • Cloud Services:
    • Cloud Security Alliance (CSA) Cloud Controls Matrix for provider due diligence.
    • Any cloud service that stores, processes, or transmits CUI must meet the FedRAMP Moderate baseline or equivalent (DFARS 252.204-7012(b)(2)(ii)(D)); the cloud secure web gateway is in scope if CUI passes through it.
    • Data encryption.
    • Access control.
    • Logging.
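The device standards above are verified item by item against a STIG or CIS Benchmark. The following PowerShell script is an added example, not material from the page and not a DISA or CIS tool: it checks, and with `-Remediate` enforces, a small set of real STIG/CIS items on a Windows Server or Windows 10 host using the registry locations Microsoft documents for them. The `-Remediate` switch and the chosen subset of items are this example's own assumptions. Run it elevated; in a domain these values belong in Group Policy, so the script is a check and not a substitute for GPO.

```powershell
# Added example (not from the original page): check, and with -Remediate enforce,
# a handful of DISA STIG / CIS Benchmark settings on Windows Server or Windows 10.
# Run elevated. In a domain these values belong in Group Policy; this is a check.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remediate)

# Registry-backed items: path, value name, expected DWORD, and why it matters.
# A value that is "(not set)" fails on purpose: STIGs want it set explicitly,
# even where the OS default happens to be the secure value.
$baseline = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'LmCompatibilityLevel'; Expect = 5; Why = 'NTLMv2 only; refuse LM and NTLMv1' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'NoLMHash'; Expect = 1; Why = 'never store LM hashes' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'; Name = 'Enabled'; Expect = 1; Why = 'FIPS-validated crypto (800-171 3.13.11)' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'; Name = 'UseLogonCredential'; Expect = 0; Why = 'no cleartext credentials in LSASS memory' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'; Name = 'EnableMulticast'; Expect = 0; Why = 'disable LLMNR (name-resolution poisoning)' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; Name = 'Enabled'; Expect = 0; Why = 'disable TLS 1.0 server side' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; Name = 'Enabled'; Expect = 0; Why = 'disable TLS 1.1 server side' }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # $null when the key or value is absent, i.e. the OS default applies.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function New-Result([string]$Setting, $Expected, $Actual, [bool]$Pass, [string]$Why) {
    [pscustomobject]@{
        Setting  = $Setting
        Expected = $Expected
        Actual   = $(if ($null -eq $Actual) { '(not set)' } else { $Actual })
        Result   = $(if ($Pass) { 'PASS' } else { 'FAIL' })
        Why      = $Why
    }
}

$results = @()
foreach ($item in $baseline) {
    $actual = Get-RegValue $item.Path $item.Name
    $ok = ($null -ne $actual) -and ([int]$actual -eq $item.Expect)
    if (-not $ok -and $Remediate -and $PSCmdlet.ShouldProcess("$($item.Path)\$($item.Name)", "set DWORD to $($item.Expect)")) {
        if (-not (Test-Path $item.Path)) { New-Item -Path $item.Path -Force | Out-Null }
        Set-ItemProperty -Path $item.Path -Name $item.Name -Value $item.Expect -Type DWord
        $actual = Get-RegValue $item.Path $item.Name
        $ok = [int]$actual -eq $item.Expect
    }
    $results += New-Result "$($item.Path)\$($item.Name)" $item.Expect $actual $ok $item.Why
}

# SMB items come from the SmbShare cmdlets rather than the registry.
$smb = Get-SmbServerConfiguration
if ($Remediate -and ($smb.EnableSMB1Protocol -or -not $smb.RequireSecuritySignature) -and $PSCmdlet.ShouldProcess('SMB server', 'disable SMBv1, require signing')) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -RequireSecuritySignature $true -Force
    $smb = Get-SmbServerConfiguration
}
$results += New-Result 'SMB server: EnableSMB1Protocol' $false $smb.EnableSMB1Protocol (-not $smb.EnableSMB1Protocol) 'SMBv1 lacks encryption and pre-auth integrity'
$results += New-Result 'SMB server: RequireSecuritySignature' $true $smb.RequireSecuritySignature $smb.RequireSecuritySignature 'SMB signing defeats relay attacks'

$results | Format-Table Setting, Expected, Actual, Result, Why -AutoSize -Wrap
exit [int](@($results | Where-Object { $_.Result -eq 'FAIL' }).Count -gt 0)
```

Two of these items deserve a staged rollout in the R&D segment before production: disabling TLS 1.0/1.1 on the Exchange and ERP hosts can break older clients and integrations, and enabling the FIPS algorithm policy causes .NET applications that call non-validated algorithm classes to throw at runtime. Disabling SMBv1 through `Set-SmbServerConfiguration` turns the protocol off; removing the feature entirely on Windows 10 additionally requires `Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol`.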

6. DoD-Compliant Policies for the IT Infrastructure:

  • Access Control Policy:
    • Least privilege, role-based access control.
    • MFA requirements.
    • Account management procedures, including timely removal of access on separation.
  • Audit and Accountability Policy:
    • Events to be logged, log retention, protection of audit records, and periodic review.
  • Incident Response Policy:
    • Incident detection, containment, eradication, and recovery procedures.
    • Reporting and communication protocols, including reporting cyber incidents to DoD within 72 hours of discovery and preserving affected-system images and monitoring data for at least 90 days, as DFARS 252.204-7012 requires.
  • Configuration Management Policy:
    • System hardening and baseline configuration.
    • Change management procedures.
  • Security Awareness and Training Policy:
    • Regular security training for all employees, with role-based training for administrators and CUI handlers.
    • Phishing awareness and prevention.
  • Data Protection Policy:
    • Data encryption, backup, and recovery.
    • Data loss prevention.
    • CUI identification, marking, and handling.
  • Media Protection Policy:
    • Handling, marking, sanitization, and transport of media containing CUI.
  • Vulnerability Management Policy:
    • Regular vulnerability scanning and penetration testing.
    • Patch management procedures with remediation deadlines by severity.
  • Contingency Planning Policy:
    • Disaster recovery and business continuity plans.

7. Description of Policies, Standards, and Controls for DoD Compliance:

  • Explain how the developed policies, standards, and controls align with NIST SP 800-171 and CMMC requirements.
  • Highlight the implementation of security best practices.
  • Demonstrate the organization’s commitment to protecting CUI and FCI.

8. High-Level Deployment Plan:

  • Phase 1: Assessment and Planning:
    • Conduct a gap analysis against NIST SP 800-171 to identify areas of non-compliance.
    • Document the System Security Plan (SSP) and Plans of Action and Milestones (POA&M) for open gaps, and record the assessment score in SPRS as DFARS 252.204-7019/-7020 require.
    • Develop a detailed implementation plan.
    • Allocate resources and assign responsibilities.
  • Phase 2: Policy and Standard Development:
    • Finalize and document all security policies and standards.
    • Develop training materials for employees.
  • Phase 3: Control Implementation:
    • Implement technical controls (e.g., MFA, encryption, IDS/IPS).
    • Configure systems and devices according to security standards, piloting changes in the R&D segment before production.
    • Test and validate controls.
  • Phase 4: Monitoring and Maintenance:
    • Establish continuous monitoring and logging.
    • Conduct regular security audits and assessments.
    • Update policies and controls as needed.
  • Phase 5: CMMC Certification:
    • Obtain an assessment from a CMMC Third-Party Assessment Organization (C3PAO) at the level the contract requires.
    • Correct all deficiencies.
    • Achieve CMMC certification.

9. Conclusion:

  • Summarize the key findings and recommendations.
  • Reiterate the importance of DoD compliance for the organization’s success.
  • Emphasize Blue Stripe Tech’s commitment to security.

10. Citations:

  • Provide a comprehensive list of all sources used, including NIST publications, DFARS, and other relevant documents.

This detailed report will provide Blue Stripe Tech with a solid foundation for achieving DoD compliance and securing their new contract.
