Rules & Guidelines

This is an initial draft of guidelines and may be changed at the discretion of competition organizers.

Update – 3/12/18
Green team user manual requirements have changed. Please check your email for specific details.

These guidelines create an even playing field for this competition amongst all competitors. This ensures that each team participates under the same circumstances and receives an opportunity to succeed. Failure to comply with the guidelines of the competition may lead to penalization of points or disqualification based on the offense. Egregious offenses may result in ejection from the competition. If you see a breach of competition guidelines, please feel free to reach out to competition staff via email if you would like to remain anonymous. Additionally, if it is illegal in nature then it is also against the competition guidelines.


  • Each team must have 4-6 students.
  • One faculty mentor must be present at the national laboratory the day of the competition. In the case that a faculty member cannot attend, an appropriate chaperone will be discussed on a case by case basis.
  • Faculty members cannot provide any assistance to their teams on the day of the competition. Any teams receiving help from mentors will be warned and penalized points on the first offense, and disqualified after a subsequent offense.
  • Teams are required to have the following services active at all times, unless noted:
    • Website/Web Server
    • Help Desk
    • Email Server
    • File Server
    • Active Directory Server
    • Secure Shell
    • Human Machine Interface (HMI), and
    • Industrial Control System (ICS).
  • Team documentation (white and green) is due to by no later than March 30, 2018 at 11:59pm CT. Early submission is encouraged, as teams will receive feedback. Any documentation submitted after will have a reduction in points.
  • Additional operational rules and team-related rules will be provided once a team has been selected.

Updates to Guidelines

  • Any update to guidelines and rules can be found on the Cyber Defense website under the Guidelines Tab. There will be periodic emails containing updated and pertinent information to the competition. It is each team’s responsibility to look for any updates or changes.

The Don’ts

  • Do not create more than 10 machines in your environment. White team will delete the last machine created if more than 10 machines are made.
  • Do not change any standard port numbers for scored services.
  • Do not change any IP that is provided – this will lock you out of your box.
  • Do not change or upgrade any OS that is provided.
    • Provided infrastructure must stay at:
      • Web – Centos 7
      • File/Database – Ubuntu 16.04
      • HMI – Ubuntu 16.04
  • Do not change or delete any user information provided.
  • Do not utilize any software that requires a paid license. All software must be open source and free. Trial versions are acceptable.
  • Do not physically tamper with any other team’s physical devices.
  • Do not perform offensive actions toward other teams or the competition network.
  • Do not touch the box or any configurations for the Scoreboard or VPN.

The Do’s

  • Do set up and maintain DNS, LDAP, Email, Help desk, NTP, and your security.
  • Do create innovative defense strategies, but keep in mind the requirements of open source.
  • Do provide consistent site functionality throughout the competition.
  • Do create minimally 30 users/employees in your LDAP. Ensure to clearly document and provide those usernames and passwords in your Green Team documentation.
  • Do clearly document any changes to user passwords.
  • Do input the scored services into the Scoreboard and White Team documentation prior to competition day.
  • Do submit your White Team, Green Team, and Creativity Documentation by March 30, 2018 by 11:59pm CT.
Rules & Guidelines Sidebar