David Cotton, deputy chief information officer for information enterprise at the Defense Department, has disclosed the agency’s new approach to evaluating the basic cybersecurity practices of DoD network users, FCW reported Wednesday.
Cotton told a cybersecurity symposium at George Mason University that the cyber assessment template is designed to remove a command and control system the department considers to be a security liability, Sean Lyngaas reports.
DoD CIO Terry Halvorsen “is drawing a line in the sand and saying enough is enough,” he told audiences at the symposium.
“If you don’t comply, you are not on the network, you are off,” Cotton said.
DoD aims for the new approach to gain a streamlined view of network vulnerabilities and address those threats, according to the report.
Cotton said department components will be given a week to patch any security flaws detected, FCW reports.
Lyngaas writes a DoD cybersecurity review in fiscal year 2014 revealed basic network vulnerabilities within the department such as lack of compliance with password security policies.