The U.S. Marine Corps has adopted a “comply-to-connect” method to prevent a computing device from passing malicious applications on to the branch’s enterprise network, Federal News Radio reported Friday.
Jason Miller writes that Ray Letteer, the branch’s cybersecurity division chief, said the system works to check if computers and laptops have software patches and automatically updates the devices’ configuration settings.
Leteer discussed the technique in a panel discussion Wednesday at the Cybersecurity Summit in Washington.
“We set up this program to do a comply-to-connect construct, when you plug it in [to the network], your box will get remediated based on the current requirements that Defense Department tells us,” he told the event audience.
USMC uses the model in almost 3,500 systems and plans to expand its usage across key installations by the end of 2014, according to the radio station.
“I actually had a report that was given to me last month that at one time during the day those 3,500 systems were 100 percent compliant,” Letteer added, according to Miller’s report.
Miller writes that USMC is training its program managers on how to use software assurance tools to safeguard websites and applications.
USMC also installed a web risk assessment cell platform that works to monitor the branch’s sites for any vulnerabilities.
“One of the two sites was a manpower site and it had a lot of personal identifiable information on it. They’ve done enough work where they’ve actually done not only Web application firewalls, but database firewalls and such,” Letteer said, according to the station.
“To me, they are the most secure data repository in the DoD right now because they can see everything and remediate everything. We now are going to put them in front of all Marine Corps websites that we own.”