Listen to this Post
Introduction
Jordan’s National Cyber Security Center (NCSCJO) has approved the National Cybersecurity Strategy for 2025-2028, reinforcing the country’s commitment to building a robust cyber defense framework. This strategy aims to enhance national cybersecurity resilience through policy alignment, threat intelligence sharing, and workforce training. For IT professionals, this signals an increased focus on GRC (Governance, Risk, Compliance), incident response, and secure infrastructure development.
Learning Objectives
- Understand Jordan’s cybersecurity priorities under the new strategy.
- Learn key technical controls for national-level cybersecurity hardening.
- Explore cybersecurity training and policy enforcement mechanisms.
1. National Cybersecurity Policy Enforcement
Command: Audit Active Directory Compliance (Windows)
Get-ADOrganizationalUnit -Filter | Get-GPO -All | Select DisplayName, GPOStatus, GPOReport
What it does: Checks Group Policy Objects (GPOs) applied to Organizational Units (OUs) for compliance with security baselines.
How to use:
1. Run in PowerShell as Administrator.
2. Export results to CSV:
Get-ADOrganizationalUnit -Filter | Get-GPO -All | Export-Csv -Path "GPO_Audit.csv"
3. Verify alignment with NCSCJO policies (e.g., password complexity, encryption).
2. Threat Intelligence Sharing with NCSCJO
Command: Automate Log Submission (Linux Syslog)
rsyslogd -N 1 && logger -p authpriv.alert "Suspicious login attempt detected" | nc -w 3 ncsc.jo 514
What it does: Forwards security alerts to a national SIEM (like NCSCJO’s).
How to use:
1. Configure `/etc/rsyslog.conf` to forward logs:
. @@ncsc.jo:514
2. Test connectivity:
telnet ncsc.jo 514
3. Cloud Security Hardening (AWS/Azure)
Command: Enforce S3 Bucket Encryption (AWS CLI)
aws s3api put-bucket-encryption --bucket YOUR_BUCKET --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
What it does: Mandates AES-256 encryption for S3 buckets, aligning with Jordan’s data protection laws.
How to use:
1. Install AWS CLI and authenticate.
2. Apply to all buckets:
for bucket in $(aws s3 ls | awk '{print $3}'); do aws s3api put-bucket-encryption --bucket $bucket --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'; done
4. Vulnerability Management (Nmap + Metasploit)
Command: Scan for Critical Vulnerabilities
nmap -Pn --script vuln -T4 192.168.1.0/24 -oX scan_results.xml
What it does: Detects unpatched CVEs (e.g., Log4j, EternalBlue).
How to use:
1. Install Nmap:
sudo apt install nmap
2. Import results into Metasploit:
msfconsole -x "db_import scan_results.xml; vulns"
5. GRC Automation (OpenSCAP Compliance)
Command: Validate CIS Benchmarks (Linux)
oscap xccdf eval --profile cis_rhel8 --results scan_results.xml /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
What it does: Audits systems against CIS Level 1/2 benchmarks.
How to use:
1. Install OpenSCAP:
sudo dnf install openscap-scanner
2. Remediate failures:
oscap remediate --results scan_results.xml
What Undercode Say
- Key Takeaway 1: Jordan’s strategy emphasizes public-private collaboration, requiring enterprises to adopt NIST CSF or ISO 27001.
- Key Takeaway 2: Expect increased audits for critical infrastructure (energy, finance) using OSINT tools like Maltego.
Analysis:
The 2025-2028 strategy signals a shift toward proactive cyber defense, with NCSCJO likely mandating:
– Zero Trust Architecture (ZTA) for government networks.
– AI-driven SOCs leveraging MITRE ATT&CK for threat hunting.
– Bug bounty programs coordinated via HackerOne or YesWeHack.
Prediction
By 2026, Jordan will rank among the top MENA nations in cybersecurity maturity, driven by:
– Mandatory cyber drills for enterprises.
– Expanded CIIP (Critical Information Infrastructure Protection) laws.
– AI-powered national threat feeds integrated with INTERPOL’s Cybercrime Directorate.
For professionals, this means upskilling in GRC, cloud security, and threat intelligence—check NCSCJO’s training portal: https://ncsc.jo.
IT/Security Reporter URL:
Reported By: Mohammad M – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
