Policy

COM 590 Term Project Guidelines
This project is due at the end of Week 7.
Purpose
This course project is intended to assess your ability to identify, design, and organize information
technology security policies.
Learning Objectives and Outcomes
You will be able to develop draft IT security policies for an organization and apply learning constructs
from the course.
This assignment is worth 15 percent of your total grade for this course. You will receive an individual
assignment grade ranging from 0 to 100 points, which will then be weighted by the 15%.
Scenario
You are a security professional for Blue Stripe Tech, an IT services provider with approximately 400
employees. Blue Stripe Tech partners with industry leaders to provide storage, networking, virtualization,
and cybersecurity to clients.
Blue Stripe Tech recently won a large DoD contract, which will add 30 percent to the revenue of the
organization. It is a high-priority, high-visibility project. Blue Stripe Tech will be allowed to make its own
budget, project timeline, and tollgate decisions.
As a security professional for Blue Stripe Tech, you are responsible for developing security policies for
this project. These policies are required to meet DoD standards for delivery of IT technology services to
the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency.
To do this, you must develop DoD-approved policies, standards, and control descriptions for your IT
infrastructure (see the “Tasks” section in this document). The policies you create must pass DoD-based
requirements. Currently, your organization does not have any DoD contracts and thus has no DoDcompliant security policies, standards, or controls in place.
Your firm’s computing environment includes the following:
Blue Stripe Tech’s computing environment includes the following:
 12 servers running the latest edition of Microsoft Server, providing the following:
o Active Directory (AD)
o Domain Name System (DNS)
o Dynamic Host Configuration Protocol (DHCP)
o Enterprise resource planning (ERP) application (Oracle)
o A research and development (R&D) engineering network segment for testing, separate
from the production environment
o Microsoft Exchange Server for email
o Email filter
COM 590 Term Project Guidelines
o Cloud-based secure web gateway (web security, data loss protection, next-generation
firewall, cloud application security, advanced threat protection)
 Two Linux servers running Apache Server to host your website
 400 PCs/laptops running Microsoft Windows 10, Microsoft 365 office applications, and other
productivity tools
Tasks
You should:
 Develop a list of compliance laws required for DoD contracts.
 Determine which policy framework(s) will be used for this project.
 List controls placed on domains in the IT infrastructure.
 Describe the policies, standards, and controls that would make the organization DoD compliant.
 Write a professional report that includes all of the above content-related items and citations for all
sources.
This project is due at the end of Week 7.
Submission Requirements:
1. A Word Document 8 to 10 pages (font size – Times New Roman 12)
2. Double spaced with one-inch margins all around, all figures and diagrams must be labelled
3. All citations and the reference list in the paper should be formatted in accordance with APA 7th edition
(or later) guidelines
4. References are NOT included in the page count.
Source Information and Tools
The following tools and resources are helpful in completing this project:
 Course textbook
 Internet access
 DoD instructions or directives
https://www.esd.whs.mil/dd/
 Risk Management Framework (RMF) for DoD Information Technology (IT)
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/851001p.pdf?ver=2019-02-
26-101520-300
 U.S. Department of Defense (DoD) Chief Information Office Library
https://dodcio.defense.gov/Library/
Department of Defense Information Security Program
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/520001m_vol1.pdf?ver=202
0-08-04-092500-203
COM 590 Term Project Guidelines
Department of Defense Internet Services and Internet-Based Capabilities
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/817001p.pdf
Citations for all sources must be in your report.