Cyber vulnerabilities

  • Published
  • 325th Fighter Wing Public Affairs
TYNDALL AIR FORCE BASE, Fla --  Team Tyndall will undergo a Command Cyber Readiness Inspection July 21 through 25.
It is more vital than ever for users to be made aware of the CCRI categories of vulnerabilities inspectors will be looking for.

There are three different categories of vulnerabilities - CAT I, CAT II and CAT III. The inspection will look at physical security, network security, and information assurance awareness and will determine if there are any deficiencies or vulnerabilities on Tyndall's networks.
The inspection team will be assessing Tyndall's ability to secure unclassified and classified networks, both electronically and physically, by eliminating/mitigating all CAT I and CAT II vulnerabilities or by having an approved plan of action and milestones in place to resolve these vulnerabilities.

A CAT I vulnerability severity code means any vulnerabilities that may result in a total loss of information or that provides an attacker immediate access into a machine, grants privileged user access, bypasses a firewall, or results in a denial of service. For example, having laptops on a classified network with their internal wireless network cards still installed is a CAT I vulnerability.

A CAT II vulnerability severity code means any vulnerability that provides information that has a high potential of giving access to an intruder or gives an unauthorized person the means to circumvent security controls, such as leaving CAC cards unattended in computers.
A CAT III vulnerability code means any vulnerability providing information that could potentially lead to a compromise or unauthorized access. For instance, not having strong authentication on authorized wireless networks would be a CAT III vulnerability.

For more information on the inspection click here.