FOIA Document | Dec. 21, 2012

Better Reporting and Certification Processes Can Improve Red Teams' Effectiveness


We are providing this report for your review and comment. The DoD Cyber Red Teams did not effectively repprt vulnerabilities, threats, and infiltration activities to assessed organizations and DbD Components. In addition, the assessed organizations did not correct or mitigate all vulnerabilities and did not report all security weaknesses. Finally, U.S. Strategic Co:mniand and the National Security Agency officials did not include revievys and analysis of Red Team members' proficiency, training, and certifications in their Certification and Accreditation process.