Published by Edwina Norman. Modified over 9 years ago.

Shift Left
Dr. Steven J. Hutchison
Acting DASD(DT&E)/D, TRMC
March, 2013
Feb 2013. DISTRIBUTION STATEMENT A – Cleared for Open Publication by OSR on January 17th, 2013 – SR case number 13-S-0851

Working with stakeholders to develop a persistent, rapidly composable, secure representation of the operational environment
[Diagram labels: Test & Evaluation; Operations; Performance; Reliability; DT&E for Complex Systems; System Integration Labs; Training; Experimentation; Modeling & Simulation; JIOR; JMETC; Interoperability; Cybersecurity; Cyber Range]

DoD Acquisition Model

Test, Evaluation, Certification
Late to Need!
DIACAP
Security T&E

20-20 Hindsight
What did we know? What did we test?
To reduce discovery late in the acquisition lifecycle, test in mission context, against realistic threat, and... Shift Left!
DOT&E COCOM/Service Interop & IA Assessments
Fielded systems:
  – Interoperability issues
  – IA vulnerabilities
Compliance with IA Controls and Interoperability Standards and Profiles: necessary but not sufficient
in an environment suited for that purpose

Interoperability
New CJCSI 6212 Language
DOD Components will:
  – Ensure the Component Developmental Test and Evaluation (DT&E), Operational Test and Evaluation (OT&E) processes include mission-oriented NR KPP assessments
DISA will:
  – ensure JITC leverages previous, planned and executed DT&E and OT&E tests and results to support joint interoperability test certification and eliminate test duplication.
  – DASD(DT&E) shall approve Developmental Test and Evaluation plans in support of Joint Interoperability Test Certification as documented in the TEMP.
  – JITC shall advise DASD(DT&E) regarding the adequacy of test planning in support of Joint Interoperability Test Certification.
Increase emphasis on interoperability testing during DT&E and visibility at Defense Acquisition Boards

Information Assurance Policy

Information Assurance
Pending Revisions to DoD 8500
Adopt the term: “cybersecurity”
Implement Risk Management Framework (RMF) instead of Mission Assurance Category/Confidentiality Level (MAC/CL)
  – new guidance from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems Instruction (CNSSI) documents on cybersecurity
Lexicon Changes
  – Certification and Accreditation becomes Assessment and Authorization
  – Designated Approving Authority (DAA) becomes Authorizing Official (AO)
  – Certifying Authority becomes Security Control Assessor
  – Threat: any event with potential to cause harm to the network
  – Vulnerability: absence/weakness of safeguards to protect the network
  – Risk: likelihood that a threat will realize or exploit a vulnerability
Seeking to implement oversight of test planning in support of cybersecurity C&A (A&A)

Cybersecurity DT&E Process
Step 1: Understand Cybersecurity Requirements
Step 2: Characterize Attack Surface
Step 3: Understand Cybersecurity Kill Chain
Step 4: Cybersecurity DT&E
At Milestone A or B, with update at Milestone C: Understand system security requirements and develop an approach for cybersecurity DT&E.
Beginning at MS B: Characterize the attack surface: assess cybersecurity in component and system integration testing.
Post CDR: Assess cybersecurity of the system under test in a realistic mission environment; Blue Team testing to identify and mitigate known vulnerabilities; Red Team to identify potential exploits.
Prior to MS C: Full-up cybersecurity DT&E in a realistic mission environment, with use of cyber range, CNDSP, and cyber threat representation

Conclusion
To ensure timely fielding of proven capabilities to the Warfighter … Shift Left!
  – Improve production readiness
  – Reduce discovery in IOT&E
  – Improve acquisition outcomes

Questions?