Validated Architecture Design Review (VADR) Training

The VADR is an expert-based Operational Technology (OT) engagement that relies on Subject Matter Experts (SME) and utilizes federal and industry standards, guidelines, and best practices to perform the analysis. 

The VADR assessment team examines network architecture and design, reviews system configuration and log files, and analyzes network traffic.

• There are three main components to an onsite VADR engagement:
  
  • Design Architecture Review: VADR assessors validate the system’s process, components, boundaries, and communication paths.
  • Network Architecture Verification and Validation: VADR assessors review PCAP data with Asset-Owners to validate network diagrams and to identify anomalies or abnormal traffic.
  • Cybersecurity Spot Check: VADR assessors identify gaps between implementation and best practices in cybersecurity topics such as:
    
    • Network architecture and boundaries
    • Physical security
    • Configuration management
    • Account management
    • Recovery
    • Incident response
    • Detection and monitoring
    • Media
    • Staffing, HR, and contracts
    • Policies and plans
• VADR assessors use best practices, including the Purdue model, NIST 800-53, and the CISA Recommended Secure Architecture.
• The VADR is not intended to be a comprehensive audit; instead, VADR assessors identify the most significant weaknesses and make mitigation recommendations to improve an organization’s overall cybersecurity posture.

Learning Objective (LO)

Session 1 

• LO1: Describe the VADR Process
• LO2: Define ICS Terminology and Types 

Session 2

• LO3: Describe the Pre-Execution Methodology
• LO4: Conduct a Kickoff Call
• LO5: Perform Open-Source Intelligence
• LO6: Analyze Previously Captured Network Traffic

Session 3

• LO7: Describe the Methodology of the Execution Phase
• LO8: Discuss Basic Interviewing Techniques
• LO9: Conduct VADR Interviews
• LO10: Describe the Outbrief Process

Session 4

• LO11: Describe Post-Execution Activities