The U.S. Navy finalized the first eight of over 24 planned foundational cybersecurity standards to govern the majority of the service’s systems and program, Space and Naval Warfare Systems Command (SPAWAR) said Feb. 16.
The standards were developed by the Information Technology/Information Assurance Technical Authority Board (IT/IA TAB) to provide a uniform security architecture framework. The framework includes a consistent application of security controls for the Navy’s afloat, ashore, aviation, and space systems.
The new cyber standards are host level protection, network firewall, network intrusion detection systems and intrusion protection systems, defense in depth functional implementation architecture, security information and event management implementation, information security continuous monitoring, boundary protection, and vulnerability scanning.
After the IT/IA Tab developed the cybersecurity standards, SPAWAR, the Navy’s information assurance technical authority, finalized them.
The IT/IA TAB consists of experts at SPAWAR, the Naval Sea Systems Command, Naval Air Systems Command, Naval Supply Systems Command, and the Naval Facilities Engineering Command. Other Navy and Marine Corps organizations also participated in the standards development process, the Navy said.
“Our intent in publishing these standards is for them to be included in design requirements, development and production contracts, and any other technical or engineering artifacts that touch on or influence cybersecurity designs for our various computer-based systems,” SPAWAR Commander Rear Adm. David Lewis said in a statement.
The Navy highlighted the standards are a “key element” of the Navy’s cyber strategy. The new standards apply to all Navy Information Technology (IT) systems including business, command and control, combat, weapon, navigation, machinery control; hull, mechanical and electrical; and propulsion systems.
The standards are based on the existing National Institute of Standards and Technology (NIST) cybersecurity standards, but with added information for Navy-specific implementation, SPAWAR said.
“These standards are subject to periodic review and update, both as NIST issues changes to the underlying standards and as we decide to make changes based on lessons learned during implementation,” Lewis added
The Navy noted the full standards are only available to U.S. government organization and authorized industry companies.