Security upgrade at Creech AFB

1. The 30th Reconnaissance Squadron (RS) at Creech Air Force Base (AFB) requires that the following objectives are achieved:

1.1. Provide positive entry and exit control mechanisms to SAPFs located on Creech AFB. The end result shall be compliance with DoD Manual 52025.7 Vol 1&3 requirements for physical access controls to SAPFs. Per DODM5205.7V3, facilities in which more than 25 individuals are assigned or work should rely on automated, centralized and accountable badging control systems for Special Access Programs (SAP) security standards. The program will also enable positive segregation of various programs into what are known as Special Access Program Compartmented Areas (SAPCA) within the larger SAPFs. Per DODM 5205.7V3 Encl.3 Sec.8.b., access control to SAPCAs can only be accomplished by electronic/mechanical devices. The contractor shall provide a quote that brings the facilities to the above mentioned standards based on the regulations and below mentioned parameters to provide robust and positive entry and exit control, monitoring and auditing of SAPFs on CAFB from a centralized location in the 432 WG Advanced Programs Office.

This is found on fbo.gov as solicitation FA4861-16-Q-C001. The text makes it sound like the mission is the same and that they are just improving security to get in compliance.

a reply to: gariac

Looks that way.

The government, after the OPM hack, has taken security a lot more seriously.

The F**C was very serious about security last time we bid a contract.

a reply to: grey580

Well the OPM was a cyber attack. This is physical security. Perhaps related, but not necessarily.

If I may grumble a bit about the contract, seriously guys, do you have to run Microsoft SQL? You can't run a free SQL on a BSD server?

originally posted by: gariac
a reply to: grey580

Well the OPM was a cyber attack. This is physical security. Perhaps related, but not necessarily.

If I may grumble a bit about the contract, seriously guys, do you have to run Microsoft SQL? You can't run a free SQL on a BSD server?

Poorly installed and secured databases on any platform are a problem. They should at least have run the Microsoft Baseline Security Analyzer over the installation (which I'm guessing, they didn't).

After they implemented HP's WebInspect at my last facility, they tore out all of the MySql middleware because they could not completely button down SQL Injection vulnerabilities. The security tools have become more important than the production tools, which thwarts the hackers but now requires deeper pockets.

originally posted by: charlyv
After they implemented HP's WebInspect at my last facility, they tore out all of the MySql middleware because they could not completely button down SQL Injection vulnerabilities. The security tools have become more important than the production tools, which thwarts the hackers but now requires deeper pockets.

But SQL injection should only be a problem if they expose the server to the outside world, AKA Internet.

I'm assuming they have a database of qualified badges. Maybe a pin per badge as well?

My recollection is the Nellis badges were 138kHz. I have a feeling this system is not going to use the existing common access cards.

originally posted by: gariac

originally posted by: charlyv
After they implemented HP's WebInspect at my last facility, they tore out all of the MySql middleware because they could not completely button down SQL Injection vulnerabilities. The security tools have become more important than the production tools, which thwarts the hackers but now requires deeper pockets.

But SQL injection should only be a problem if they expose the server to the outside world, AKA Internet.

I'm assuming they have a database of qualified badges. Maybe a pin per badge as well?

My recollection is the Nellis badges were 138kHz. I have a feeling this system is not going to use the existing common access cards.

True enough, however it implies that the inside of your house is squeaky clean as well. In today's world, it is highly doubtfull, and they are doing what they have to do.

I was browsing the FBO site today. Lots of surveillance upgrades and security system installations from all over.

Its probably just schedualed upgrades now that a certain time has expired from the last ones.

I doubt anything about this means anything. Might just be that time of the decade. Have to stay up to date and all.

originally posted by: tadaman
I was browsing the FBO site today. Lots of surveillance upgrades and security system installations from all over.

Its probably just schedualed upgrades now that a certain time has expired from the last ones.

I doubt anything about this means anything. Might just be that time of the decade. Have to stay up to date and all.

I generally search "99 cons" and AFTC, so I probably miss a lot. I also check Tonopah, but I doubt the USAF will ever let another Base Camp solicitation hit the Internet again.

a reply to: gariac

Then they need to move oporations into the heart. TTR.. Creech is along the I-95. I feel it is not a new craft, but a cold war tactic. Indian Springs is not the best choice on government owned land. Creech is eye distance on the way to Las Vegas.

Do they plan on relocating I-95 to accommodate?

Edit: Such as the new land grab that I call Peek'a'boo Peek?

originally posted by: Bigburgh
a reply to: gariac

Then they need to move oporations into the heart. TTR.. Creech is along the I-95. I feel it is not a new craft, but a cold war tactic. Indian Springs is not the best choice on government owned land. Creech is eye distance on the way to Las Vegas.

Do they plan on relocating I-95 to accommodate?

Edit: Such as the new land grab that I call Peek'a'boo Peek?

The USAF bought the private land on their side of 95. But if you look at the map, 95 is on military reservation land near Creech. I suppose they could reroute the highway.