Date of Award

3-2007

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Systems Engineering and Management

First Advisor

Michael R. Grimaila, PhD

Abstract

Network security is a paramount concern for organizations utilizing computer technology, and the Air Force is no exception. Network software vulnerability patching is a critical determinant of network security. The Air Force deploys these patches as Time Compliance Network Orders (TCNOs), which together with associated processes and enforced timelines ensure network compliance. While the majority of the network assets affected by this process are Air Force owned and operated, a large number are maintained by external entities known as Program Management Offices (PMOs). Although these externally controlled systems provide a service to the Air Force and reside on its network, the TCNO processes for these assets are dictated and managed, to a large extent, by the PMOs. There is no current or planned, standardized method to release TCNOs to PMOs within the AF. Some are notified and tracked through a portal by the AFNOSC, while others are notified and tracked via secure email by MAJCOM NOSCs. While AFI mandates that PMOs are responsible for establishing procedures to evaluate applicability to their systems, there are no quality checks, standardization requirements or oversight to ensure the results of such evaluations are sound. Nonetheless, these PMO systems directly impact the security of the Air Force Network and the Department of Defense at large. By examining existing PMO patch management processes, this study should provide a better understanding of the TCNO processes used by PMOs with the intent of exploiting strengths and addressing weaknesses in an effort to move towards a standardized TCNO patching process.

AFIT Designator

AFIT-GIR-ENV-07-M08

DTIC Accession Number

ADA464947

Download

Share

COinS