
A Systems Engineering approach to applying Risk Management Framework (RMF) for a successful program and a secure system: a case study

RMF is Not a 4-Letter Word

Craig Covak
Lockheed Martin Rotary & Mission Systems (RMS)
Cybersecurity Functional Area Manager
Craig.Covak@lmco.com

Michael Coughenour
Lockheed Martin Rotary & Mission Systems (RMS)
System Engineering Technologist
Mike.Coughenour@lmco.com

DISTRIBUTION STATEMENT A. Approved for Public Release 16-MDA-8871 (30 September 16). Distribution is unlimited.

Overview

- What it is
- What it is not
- BE SECURE 6 Steps
- Essential structure of RMF
- Systems Engineering Approach to RMF
- RMF Execution Action Plan
- Command & Control, Battle Management, and Communications (C2BMC) Joint Execution Process
- Parting Gems of Wisdom
- Credit where credit is due

What it is

- RMF: Risk Management Framework
- New Accreditation (a.k.a. Authorization) construct
- Manage security risk at acceptable level
- More complex, much more granular
  - Case study: 18 control families » 512 controls » 1927 Control Correlation Identifiers (CCIs)
- framework (noun): Basic structure supporting a system to manage risk (security)
- Confidentiality, Integrity, Availability
  - High / Medium / Low categorization for each tenet
  - Case study: H-H-H Classified system
- Compliance evaluation of all CCIs required for final Authorization decision

What it is NOT

- process (noun): a series of actions or steps taken in order to achieve a particular end
- DoD Information Assurance Certification and Accreditation Process (DIACAP) redefined
- A System Accreditation
- A Cyber issue
  - RMF is a system-wide issue
  - Involves all Functional Areas (FAs)
  - Ex: Development, Networks, Systems Engineering, Operations & Maintenance, Program Management Office, Cyber
- A 4-letter word

If you don't want to avoid the pitfalls of securing your system, feel free to leave now

6 Steps: BE SECURE

Essential Structure of RMF

- System Categorization (e.g., Confidentiality, Integrity, Availability)
- Selection & assignment tailoring
- Control families » controls » control enhancements » CCIs (~2000)

Control Families

- Access Control (AC)
- Awareness and Training (AT)
- Audit (AU)
- Security Assessment (CA)
- Configuration Management (CM)
- Contingency Planning (CP)
- Identification and Authentication (IA)
- Incident Response (IR)
- System Maintenance (MA)
- Media Protection (MP)
- Physical and Environmental (PE)
- Security Planning (PL)
- Program Management (PM)
- Personnel Security (PS)
- Risk Assessment (RA)
- System Acquisition (SA)
- System Communications (SC)
- System Integrity (SI)

SE Approach: Project Planning

- It's imperative to get management and key stakeholders buy-in to initiate RMF execution
- In order to successfully execute RMF for a system, a program needs to consider the entire development lifecycle
  - Determine scope, schedule and budget
- This lifecycle begins with a solid plan that encapsulates FA team members that take into account the policy, engineering, development, testing, fielding, and sustainment efforts involved for RMF execution

SE Approach: Requirements Definition

- Once the plan has been baselined, the engineering effort should be initiated with the longest lead time items: system specification requirements
  - Identify technical, business/functional, levels of responsibility/POCs
- A few things to take into consideration include:
  - Sunset old DIACAP requirements
  - Traceability to enterprise (higher-level) specifications, policies
  - Determining appropriate level for system specification requirements (controls vice CCIs)

SE Approach: Design & Development

- As requirements are finalized, the engineering effort should continue with determination of approach & scope of effort for each RMF CCI
- This control determination flows down to FA assessment of each CCI, as there is a one-to-many relationship
- It is highly recommended to involve your customer so that the assessment phase becomes a collaborative process
- Assessment should determine appropriate stakeholders necessary to implement RMF for the program / system

RMF Execution Action Plan

1. Analysis
   - Controls Determination
   - Implementation Plan
2. Assessment
   - CCI assigned to appropriate FAs for action
   - RMF CCI spreadsheet estimates from each FA
3. Implementation
   - CCI incorporated into applicable artifact(s)
   - System Modification Requests (SMRs) for Element Specification (ES) requirements tested

Control / CCI Burndown required for each execution step

Joint Execution Process

Steps: 1. Initial Analysis, 2. Assessment, 3. Implementation

Outcomes for each item:
- Not Applicable: Document with Government concurrence
- Compliant: Provide non-technical / technical evidence
- Non-Compliant: Brief Course Of Actions (COAs) for non-technical / technical debt

Government Review
1. Developer provides Spreadsheet for Government Review (built incrementally and under RMF Coordination Control)
2. Government reviews Developer inputs prior to Meeting
3. Questions answered and exceptions resolved in Meeting
4. Updates with concurrence flow back through appropriate Team Working Groups and back into Spreadsheet

Parting Gems of Wisdom

- A systems engineering approach will set the program on a good trajectory for successfully executing RMF
- These are a few lessons that we have learned upon embarking upon this journey to successfully execute RMF for C2BMC:
  - Get others involved early and often
  - Do not be afraid to chip away at the problem
  - Iterations are necessary while moving through the lifecycle
  - Take it one control family at a time
  - Start today: no better time than the present
- More are given in the detailed presentation, 15:45 this afternoon

Credit where credit is due

- C2BMC Program: Missile Defense Agency (MDA) / Engineering (BCE)
- Organization: Lockheed Martin
  - C4USS: C4ISR & Undersea Systems
  - RMS: Rotary and Mission Systems
- Team Mates: Lockheed Martin, Boeing, General Dynamics, Northrop Grumman, Raytheon