Shift Left
Feb 2013, Page-1
DISTRIBUTION STATEMENT A – Cleared for Open Publication by OSR on January 17th, 2013 – SR case number 13-S-0851
Dr. Steven J. Hutchison, Acting DASD(DT&E)/D,TRMC
March 2013

Page-2
Working with stakeholders to develop a persistent, rapidly composable, secure representation of the operational environment
(Figure labels: Test & Evaluation; Operations; Performance; Reliability; DT&E for Complex Systems; System Integration Labs; Training; Experimentation; Modeling & Simulation; JIOR; JMETC; Interoperability; Cybersecurity; Cyber Range)

Page-3
DoD Acquisition Model

Page-4
Test, Evaluation, Certification: Late to Need!
(Figure labels: DIACAP; Security T&E)

Page-5
Hindsight
What did we know? What did we test?
To reduce discovery late in the acquisition lifecycle, test in mission context, against realistic threat, and… Shift Left!
DOT&E COCOM/Service Interop & IA Assessments of fielded systems: interoperability issues; IA vulnerabilities
Compliance with IA Controls and Interoperability Standards and Profiles: necessary but not sufficient in an environment suited for that purpose

Page-6
Interoperability
New CJCSI 6212 Language
DOD Components will:
– Ensure the Component Developmental Test and Evaluation (DT&E) and Operational Test and Evaluation (OT&E) processes include mission-oriented NR KPP assessments
DISA will:
– Ensure JITC leverages previous, planned and executed DT&E and OT&E tests and results to support joint interoperability test certification and eliminate test duplication.
– DASD(DT&E) shall approve Developmental Test and Evaluation plans in support of Joint Interoperability Test Certification as documented in the TEMP.
– JITC shall advise DASD(DT&E) regarding the adequacy of test planning in support of Joint Interoperability Test Certification.
Increase emphasis on interoperability testing during DT&E and visibility at Defense Acquisition Boards

Page-7
Information Assurance Policy

Page-8
Information Assurance
Pending Revisions to DoD 8500
Adopt the term: “cybersecurity”
Implement Risk Management Framework (RMF) instead of Mission Assurance Category/Confidentiality Level (MAC/CL)
– New guidance from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems Instruction (CNSSI) documents on cybersecurity
Lexicon Changes
– Certification and Accreditation becomes Assessment and Authorization
– Designated Approving Authority (DAA) becomes Authorizing Official (AO)
– Certifying Authority becomes Security Control Assessor
– Threat: any event with potential to cause harm to the network
– Vulnerability: absence/weakness of safeguards to protect the network
– Risk: likelihood that a threat will realize or exploit a vulnerability
Seeking to implement oversight of test planning in support of cybersecurity C&A (A&A)

Page-9
Cybersecurity DT&E Process
Step 1: Understand Cybersecurity Requirements – At Milestone A or B, with update at Milestone C: understand system security requirements and develop an approach for cybersecurity DT&E.
Step 2: Characterize Attack Surface – Beginning at MS B: characterize the attack surface; assess cybersecurity in component and system integration testing.
Step 3: Understand Cybersecurity Kill Chain – Post CDR: assess cybersecurity of the system under test in a realistic mission environment; Blue Team testing to identify and mitigate known vulnerabilities; Red Team to identify potential exploits.
Step 4: Cybersecurity DT&E – Prior to MS C: full-up cybersecurity DT&E in a realistic mission environment, with use of cyber range, CNDSP, and cyber threat representation.

Page-10
Conclusion
To ensure timely fielding of proven capabilities to the Warfighter … Shift Left!
– Improve production readiness
– Reduce discovery in IOT&E
– Improve acquisition outcomes

Page-11
Questions?