OPSEC Information Assurance
Identify and manage online OPSEC Information Assurance vulnerabilities to ensure regulatory compliance
The Compliance Sheriff ™ OPSEC Information Assurance Module, an integrated solution for the monitoring and verification of accessible, usable, and searchable content, complies with Risk Assessment Practices and federal OPSEC guidelines. It provides a centralized system for mitigating online risk, and identifying and managing online data and information security vulnerabilities to ensure regulatory compliance.
With the Compliance Sheriff OPSEC Information Assurance Module organizations can:
- Identify problem or exposed security areas.
- Monitor public and collaborative sites for accidental disclosure of confidential information.
- Measure and manage risk and compliance across the organization.
- Manage content compliance efficiently and consistently throughout the content development and deployment lifecycles.
- Easily define custom Risk Management criteria for automated checks, monitoring, and reporting.
- Analyze trends in historical data with reports, dashboards and scorecards.
- Work collaboratively with team members to ensure compliance with all standards.
- Meet US Federal Operational Security (OPSEC) mandates:
- Validate for compliance with OPSEC standards and guidelines to help eliminate or reduce adversary exploitation of friendly critical information.
- Integrate OPSEC testing into your quality assurance and content delivery processes
Data and Information Security Reports and Monitoring
Compliance Sheriff divides data and information security monitoring and reports into key areas that scan your website properties with multiple checks and validation points. Available reports include:
- Website purpose statement: Identifies that a website contains a clearly defined purpose statement that supports the mission of the DoD Component.
- Page Titles: A common method of search on both public and private sites is title searching. Important from an operational perspective, this check validates titles are present.
- External Link Disclaimer: Validates the website contains a Disclaimer for External Links notice when a user requests any site outside of the current web information service.
- Third-party content or advertising: This test validates no images are found that include third- party content or advertising.
- Operational Information - Lessons Learned Audit: Identifies if the website contains any information indicating plans or lessons learned which would reveal military operations, exercises or vulnerabilities.
- Operational Information - Military Information: Determines if the website references any information that would reveal sensitive movements of military assets or the location of units, installations, or personnel where uncertainty regarding location is an element of the security of a military plan or program.
- Personal Information: Scans the site for personal information, about US citizens, DOD employees and military personnel; including Social Security number, date of birth, address, phone number.• Technological Data - Schematic, Diagrams and Frequency: Check for content containing any technical data, schematic diagrams, and the frequency of appearance.
- Relevant Information:
- Deployment, Exercise, Contingency or Training Schedules: Identifies if the website contains relevant information that might reveal an organization’s plans and intentions in the following categories: Administrative, Operational, Communications, and/or Logistics.
- Biographies, Family Support Activities and Phone Directories: Searches for relevant information contained on the site that might reveal an organizations plans and intentions in the following categories: Administrative, Operational, Communications and/or Logistics.