Hill scores high marks on CCRI

  • Published
  • By Kendahl Johnson
  • 75th Air Base Wing Public Affairs

Hill Air Force Base received an excellent rating on its recent Command Cyber Readiness Inspection.

The inspection is administered by the Defense Information Systems Agency (DISA) and determines Hill’s authority to operate the network. According to inspection leads Scott Stein and Amber Poll of the 75th Communications and Information Directorate, Hill’s passing score was among the highest scores given in several years.

“Our team did awesome,” Poll said. “Our score was the best we could have ever hoped to see.  We covered everything we needed to cover and to get anything higher would almost have been impossible.  Kudos to everyone in SC who put forth a herculean effort to get through this inspection.”

Hill is rebounding from a minor setback in 2022 when the base failed its CCRI inspection by the narrowest of margins.  Coupled by a two-year Data Center contract protest, SC only had four months to prepare the new contractors and remediate past and current findings.

According to Stein, it’s a very challenging and rigorous inspection with very stringent requirements.

“It is a difficult inspection to get through,” Stein said. “We took a hard look at our processes and determined what we needed to improve.  We’ve worked the last months with a lot of gusto and I am very proud of what we accomplished.”

The main purpose of the inspection is to increase accountability and improve overall security posture. There are three graded areas: Technical, Computer Network Defense (CND), and Contributing Factors.

Technical covers about 60 percent of the score and measures things like network infrastructure, web server, database server, and network vulnerabilities.  CND directives is 30 percent of the score and looks at areas like scanning and remediation. Contributing Factors looks at culture, capability, and conduct and is 10 percent of the score.

Stein said maintaining cyber readiness at Hill is especially challenging because of its size. There are more than 22,000 users, an enterprise data center with approximately 1200 servers, and a need to ensure all software is updated and all devices, servers and workstations are free from vulnerabilities. 

“It is a big base with a lot of moving parts,” he said. “There are a lot of people here using systems that span a lot of technology. It was challenging, but we all came together, stepping up and working hard to get us where we needed to be. Our teams did an amazing job.”

Stein said the CCRI is a no or short notice inspection, so they can’t relax just because this inspection is over.

“The CCRI is a very intensive look into cyber security posture, but we have to maintain this security posture all the time,” he said.