Free CMMC Compliance Assistance: NSA Cybersecurity Services for Defense Contractors
Tom Sunderland, CISSP, CMMC CCA
In an effort to provide collaborative cybersecurity services, the National Security Agency (NSA) has established NSA’s DIB Cybersecurity Services. The services provided were selected to help protect against the more common nation-state exploitation tactics, using non-public indicators of known malicious activity that have been developed using NSA’s signals intelligence and cybersecurity expertise.
What is the National Security Agency (NSA) Cybersecurity Collaboration Center (CCC) Offering?
As of February 2024, the current offerings are Protective Domain Name System (PDNS), Attack Surface Management, and Threat Intelligence Collaboration.
Protective Domain Name System (PDNS)
Protective DNS is a security service that will inspect and analyze DNS queries to act on those queries, mitigate threats, and prevent users from connecting to malicious or suspicious domains. From NSA’s Cybersecurity Collaboration Center (CCC) site (1), “To date, NSA’s PDNS program has blocked 1 billion malicious or suspicious domains, including nation-state spear phishing, malware, botnets, and ransomware activity. NSA’s PDNS program is provided through Akamai’s GovShield and powered with a continuously evolving combination of proprietary and governmental domain blocklists.” The point to note in all of that is the PDNS solution that the NSA has selected is more streamlined for the type of malicious activity that a company in the Defense Industrial Base (DIB) will more likely see.
Attack Surface Management
Attack Surface Management is doing discovery, analysis, monitoring, and remediation of vulnerabilities of your cybersecurity landscape. With this service the NSA will start with identifying your internet-facing assets and determine if there are vulnerabilities in those assets. The second step of their approach is to provide you a tailored remediation list that will be prioritized by severity and the likelihood that the found vulnerability will be exploited, based on NSA’s unique insights. From NSA’s CCC site, “Through this service, our team takes an adversarial approach to illuminate any internet facing assets, searching for ways your network might be vulnerable. This allows our customers to identify and remediate issues before they become compromises. Each customer receives a tailored, prioritized report of issues for mitigation, along with an overview of their organization’s Internet footprint.” This is critical for the DIB as it is a vulnerability scan of one of their main points of ingress from an attacker.
Threat Intelligence Collaboration
Threat Intelligence Collaboration is crucial to helping organizations determine risk, as they provide a means to be alerted to what current threats are facing companies. The service offered by the NSA is extremely helpful and is setup as a two-way communication channel where you can ask questions to the cyber analyst at the NSA assigned to your tenant. From the NSA’s CCC site, “Enter into a voluntary, mutually beneficial cyber threat information sharing relationship with the NSA. Our team will establish a secure collaboration channel with your cyber threat analysts and share non-public, DIB-specific threat intelligence to help you prevent, detect, and mitigate malicious cyber activity. This channel is also a way for your team to submit questions and feedback on findings related to the threat intelligence we share directly back with us.” The information that you receive from this information share is super valuable to your team. Threats specific to your industry and are shared to allow you to get out ahead of imposing attacks.
How These Services Help with CMMC Compliance:
Protective DNS
Supports SC.L1-3.13.1 – Monitor, control, and protect communications. It can specifically help you with objective [g], Communications are protected at the external system boundary.
Attack Surface Management
Supports some controls in the Risk Assessment domain, specifically RA.L2-3.11.2 and RA.L2-3.11.3. While it is only scanning for vulnerabilities on your internet-facing assets, it does provide help for that part of your boundary.
Threat Intelligence Collaboration
Supports SI.L2-3.14.3 – Monitor system security alerts and advisories and take action in response. This service can be one of the advisories that you use to help with this control, as well as the remediation of those discovered vulnerabilities.
Are You Eligible for Free NSA Cybersecurity Services?
Yes, the NSA is offering these services to companies (Prime or Subcontractor) that are currently working on a Department of Defense (DoD) contract. The DoD currently funds the program and they selected the NSA to assist in this collaborative effort due to NSA’s unique insights on sophisticated nation-state cyber threats.
How to Get Started:
There are a few ways to confirm if you are eligible for these services.
- Email: From NSA’S CCC site, FAQ section, “Send an email to DIB_Defense@cyber.NSA.gov. Next, the team will confirm you meet the qualifications and schedule a call if needed to answer any further questions you may have. If you decide you want to enroll, you’ll then sign a simple form and our third-party commercial providers will help you implement the services as needed. In some cases, this process can take less than 30 minutes.”
- Online Form: The other option is filling out the form on this page: https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/Customer-Contact-Form/. This form will ask for your name, email, phone, company, why you want to enroll, if you have access to DoD information, if you are on an active DoD contract, your Commercial and Government Entity (CAGE) code, and where you heard about this program. From there it will email the same team and they can use that information to reach out to you and verify if you are eligible to get started.
How can Coalfire Federal help you?
Coalfire Federal’s certified CMMC advisors and assessors are dedicated to helping make the Defense Industrial Base more secure. Our experts are prepared to help you find the right resources to enhance the robustness of your cybersecurity profile as well as support your roadmap to compliance with CMMC.
References