CJCSM 6510.01B
10 July 2012
A-8 Enclosure A
these activities with notification to command and decision-makers so they can
develop an appropriate response. AS&W is enabled through a managed
network of intrusion, misuse, and anomaly detection systems, supporting data
fusion and analysis, diagnostics, long-term trend and pattern analysis, and
warning communications channels and procedures.
(4) I&W data gives the Department of Defense the ability to sense
changes in adversary activities. I&W includes those intelligence activities
intended to detect and report time-sensitive intelligence information on foreign
developments that could involve a threat to the United States or allied military,
political, or economic interests or to U.S. citizens abroad. The IC provides I&W
for foreign threats from nation states and transnational groups.
(5) The LE community investigates criminal activity and disseminates
threat data that may pertain to domestic or foreign individuals and groups who
constitute threats to the Department of Defense. The CI community conducts
investigations, collections, operations, functional services, and analysis that
may result in the dissemination of threat data relative to information gathered
and cyber activities conducted to protect against espionage, other intelligence
activities, sabotage, or assassinations by or on behalf of foreign
governments or elements thereof, foreign intelligence and security services,
foreign organizations, foreign persons, or international terrorist activities.
d. CND Response Services
(1) CND response services include the actions taken to report, analyze,
coordinate, and respond to any event or cyber incident for the purpose of
mitigating any adverse operational or technical impact.
(2) Cyber incident reporting includes a well-defined framework for the
timely reporting of any cyber event or incident. The report provides an
accurate, meaningful, and complete understanding of the cyber incident from
initial detection to analysis and remediation. This information feeds into the
User-Defined Operational Picture, which provides local, intermediate, and
DoD-wide situational awareness of CND actions and their impact.
(3) Cyber incident analysis identifies several critical elements of an
incident to determine and characterize its possible effects on DoD information
networks, operational missions, and other defense programs. This activity
relies on effective acquisition, preservation, and timely reporting of cyber
incident data.
(4) Cyber incident response includes the coordinated development and
implementation of courses of action (COAs) that focus on containment,
eradication, and recovery. At the same time, it ensures the acquisition and