You work for a high-tech company with approximately 390 employees. Your firm recently won a large DoD contract, which will add 30% to the revenue of your organization. It is a high-priority, high-visibility project. You will be allowed to make your own budget, project timeline, and tollgate decisions.

This course project will require you to develop the proper DoD security policies required to meet DoD standards for delivery of technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency. To do this, you must develop DoD-approved policies and standards for your IT infrastructure (see the “Tasks” section below). The policies you create must pass DoD-based requirements. The organization currently does not have any DoD contracts and thus has no DoD compliant security policies or controls in place

Your firm's computing environment includes the following:

12 servers running Microsoft Server 2012 R2, providing the following:

Active Directory (AD)

Domain Name System (DNS)

Dynamic Host Configuration Protocol (DHCP)

Enterprise Resource Planning (ERP) application (Oracle)

A Research and Development (R&D) Engineering network segment for testing, separate from the production environment

Microsoft Exchange Server for e-mail

Symantec e-mail filter

Websense for Internet use

Two Linux servers running Apache Server to host your Web site

390 PCs/laptops running Microsoft Windows 7 or Windows 8, Microsoft Office 2013, Microsoft Visio, Microsoft Project, and Adobe Reader

Write a professional report that includes all of the below content-related items.

1. Create policies that are DoD compliant for the organization’s IT infrastructure. *Don’t just talk about them, actually create simple (just include basic to show understanding, e.g. headings with a few sentences below each) policies that you would need.

2. Develop a list of compliance laws required for DoD contracts. *simple bulleted list.

3. List controls placed on domains in the IT infrastructure. *outlines or tables are good here.

4. List required standards for all devices, categorized by IT domain. *tables are good here.

5. Develop a deployment plan for implementation of these polices, standards, and controls.

6. List all applicable DoD frameworks in the final delivery document