Published by 희라 자. Modified over 6 years ago.
1
Antiterrorism / Force Protection (AT/FP) Assessment Tool Training
Module 1: Policy Drivers for MARMS & AT/FP Assessments
Supporting Joint Staff J33 via US Army Armament, Research, Development and Engineering Center
2
Admin Notes Restrooms Parking Validation
Don’t park in “Alion” reserved spots Schedule Lunch Surveys & Training Certificates Introductions
3
Course Overview
Scope: Decomposing the policy drivers for AT/FP assessments and MARMS
Secondary: Future implications to Mission Assurance (MA) assessments
Delivery method: Lecture
4
Terminal Learning Objectives (TLO)
- Understand the policy and operational drivers for the move to AT/FP risk assessments
- Understand the operational and policy drivers for MARMS

Presentation References
- DoDI Vol DoD Antiterrorism Program Implementation - Change 1:
- Joint Publication Antiterrorism –
- Unified Facility Criteria DoD Security Engineering Facilities Planning Manual –
- DoDD Mission Assurance
- DoDI Defense Critical Infrastructure Program (DCIP) Management - Change 1:
5
Policy driver for AT risk assessments
DoD Ch 3, 2017 DoD Antiterrorism (AT) Program
COCOMS & Services are required to: “Review AT programs and validate the thoroughness of the AT risk management methodology used to assess DoD elements and personnel criticality, terrorist threat, and vulnerabilities to make risk-based decisions for the application of appropriate countermeasures.”
- Requires use of DoD benchmarks to assess vulnerability (3.5.a (1))
- Requires CJCS to designate the system of record (2.11)
- Requires commanders to use the system of record (3.8.b (4))

DoDI O Ch 1, 2017 DoD AT Program Implementation: AT Standards
“DoD elements must base their AT risk management procedures on the risk management methodology introduced in the MA Defense Critical Infrastructure Program (DCIP) risk management process outlined in DoDI and modeled in JP and the DoD ATO Guide.”

DoD ATO Guide (in coord)
ATOs establish a process that links the terrorist threat capabilities with vulnerabilities to assets, infrastructure, or personnel required for mission execution that the terrorist threat can exploit to produce countermeasures capable of reducing the terrorist threat risk.
6
Policy Drivers for Risk Process (TLO #1 & 2)
2012 Mission Assurance Strategy and 2016 Mission Assurance Assessments Concept of Operations
- Defines risk as a process integrating threat, vulnerability, consequence (criticality)
- Specifically includes installation-level AT/FP assessment as a required component of the MA construct

DoDI and JP
- Describe the Risk=Threat*Criticality*Vulnerability process
- References UFC for threat and criticality ranking

DOD ATO Guide, Ch 3
“ATOs establish a process that links the terrorist threat capabilities with vulnerabilities to assets, infrastructure, or personnel required for mission execution that the terrorist threat can exploit to produce countermeasures capable of reducing the terrorist threat risk.”

Also addressed in DoDI in which MA benchmarks replace vulnerability assessments
DoDI O v1&2 – Standard 3 Risk Assessment and supporting elements in Standards 4-6
7
Risk management process
Risk management process as outlined in and modeled in JP
8
Relationship with MA & MARMS (TLO #1 & 2)
2016 DoDD Mission Assurance
- Requires Components to “develop and implement a comprehensive and integrated MA risk-management construct” and “align associated security, protection, and risk management efforts under an MA construct.”

2018 J33 Mission Assurance System of Record Designation
- Establishes MARMS as the replacement for the Core Vulnerability Assessment Management Program (CVAMP)

Also addressed in DoDI in which MA benchmarks replace vulnerability assessments
DoDI O v1&2 – Standard 3 Risk Assessment and supporting elements in Standards 4-6
9
Why not vulnerability assessments?
Risk management has long been AT Standard #3 in DoDI ; however, the process & tool really focused on vulnerability.

Previous CVAMP assessments, while good for an installation to document vulnerability assessment results, made it very difficult to aggregate or roll up enterprise or regional views to expose trends:
- Had little quantification of threats
- Had little standardization in asset categories
- Had no standardized relationships between benchmarks and threats
- Had minimal functionality to facilitate the Risk Management process, so it was difficult for leadership to assess where the greatest risks are and make investment decisions
10
Why ‘new’ risk assessments?
The new method better supports AT Standard #3 through:
- Benchmark focus: Walks assessors through benchmarks to provide leadership a more complete picture of security posture, not just identified observations
  - Drives requirement for ‘thoroughness’ from DoD
- Standardization in threats & assets: Facilitates roll-ups and cross-unit reporting
- Standardized risk framework: Has common relationships that help users prioritize activities for their mitigation strategies
- Aggregated risk results: Inherently supports trend and risk analysis at the installation, regional, and enterprise level

This will provide leadership with the data they need to make smart decisions on where best to reduce risk using limited dollars.
11
Why use the new tool?
New tool has efficiencies to assist users in executing a quality risk analysis:
- Pushes baseline threat levels by region or allows HHQ to develop localized threat baselines to push to ATOs
  - Helps commanders achieve AT Standard #2: Intel Support
- Allows ‘copy from’ to leverage previous assessments. HHQ can create ‘Templates’ for common sites
- Users can export benchmark questionnaires to an Excel spreadsheet for the other installation MA partners to complete their section, and import it back into the tool
- Tool performs the approved math and presents results graphically and textually in Word, Excel, and PowerPoint
12
Background on MARMS
- The Mission Assurance Risk Management System (MARMS) is a Joint Staff initiative, funded by DoD CIO and managed by the US Army Armament, Research, Development and Engineering Center (ARDEC)
- MARMS is a multi-year program that encompasses a family of systems that will be integrated as a part of MARMS Requirement Definition Package 1
- The second of MARMS’ capability drops (CD2) provides assessment tools that:
  - Provide ability to hold and update observations from vulnerability assessments currently in CVAMP
  - Provide replacement risk-based capability to conduct AT/FP risk assessments
  - Provide follow-on capability to do risk-based MA assessments
13
Timeline for Transition (TLO #2)
Phase 1 – Replace CVAMP & Provide AT/FP Risk Assessment Tool (Feb-Jun 2018)
- Cut-off of CVAMP data entry was 15 APR 2018, ‘released’ observations to migrate
- Account requests by 15 MAY 2018 (for accounts on turn-on date)
- Initial version must be operational in place by 1 JUN 2018
- Provide management of migrated ‘observations’ from CVAMP
- Provide installation personnel a mechanism to facilitate risk-based AT/FP assessments

Phase 2 – Mission Assurance Assessment Enhancements (Jun-Dec 2018)
- Frame Mission Assurance Assessments approach into assessment tool using guidance/input from DTRA JMAA teams
- Develop and incorporate full MA assessment capabilities for fielding, targeting 31 DEC 2018

Phase 3 – MARMS Enhancements (Jan-Sep 2019)
- Integration planning and execution with the MARMS Registry
- Push ‘asset criticality’ from authoritative sources to MA & AT/FP assessors
- Improved mission-risk analytics and dashboard capabilities
- Improved Geospatial Risk Visualization
- All development work on assessment tool complete by October 2019

[Timeline graphic labels: CD2 - Phase 1, CD2 - Phase 2, CD2 - Phase 3]
14
Current Mission Assurance Assessment Strategy
- Physical Security (PHYSEC) (Integrated Defense)
- Fire Prevention and Protection
- Antiterrorism
- Readiness Reporting
- Critical Program Information Protection
- Personnel Security (PERSEC)
- CBRN Survivability
- Emergency Management
- CBRNE Preparedness
- Cyber Security
- Energy Resilience
- Information Security (INFOSEC)
- Law Enforcement
- Continuity of Operations
- Insider Threat
- Munitions Operations Risk Management
- Industrial Security (INDSEC)
- Operations Security (OPSEC)
- Defense Critical Infrastructure
- Special Access Programs (SAP)
- Operational Energy
- Force Health Protection
- Adaptive Planning
15
Future Mission Assurance Assessment Strategy
- Physical Security (PHYSEC) (Integrated Defense)
- Operations Security (OPSEC)
- Information Security (INFOSEC)
- Industrial Security (INDSEC)
- Critical Program Information Protection
- Special Access Programs (SAP)
- Personnel Security (PERSEC)
- Cyber Security
- Operational Energy
- Antiterrorism
- Insider Threat
- Law Enforcement
- CBRN Survivability
- Adaptive Planning
- Readiness Reporting
- Force Health Protection
- Munitions Operations Risk Management
- Fire Prevention and Protection
- CBRNE Preparedness
- Continuity of Operations
- Defense Critical Infrastructure
- Emergency Management
- Energy Resilience