AMIS Leads the Way with RF-ITV System Reaccreditation
Cybersecurity is changing in the Army, and the team developing and maintaining the Radio Frequency In-Transit Visibility (RF-ITV) System is leading the change management. In March 2014, the Department of Defense (DOD) formally issued instructions for transitioning to a new model for information technology system certification and accreditation, the Risk Management Framework (RMF) process, replacing the DOD Information Assurance Certification and Accreditation Process (DIACAP). Information Assurance (IA) has always been a priority for the RF-ITV managing office, Automated Movement and Identification Solutions (AMIS), so the RF-ITV program and system integrator were up to the challenge of adopting RMF from the start. AMIS is the first program to undertake this massive change in the process to accredit a system. The risk of not getting through RMF is simple: no Authority to Operate (ATO), no RF-ITV for the logistics community.
The RF-ITV team, along with the PEO EIS Information Assurance Program Manager (IAPM) team, attended an RMF early adopters’ sessions at Fort Huachuca, Arizona. The group learned to utilize a main tool in implementing the RMF policy, the Enterprise Mission Assurance Support Service, a service-oriented computer application that supports IA program management and automates the DIACAP process. A key change in the RMF process is the self-assessment — the system manager now assesses all security controls for compliance. After the initial self-assessment, the security control assessor-validator gains an understanding of the system’s IA posture by reviewing system IA documentation, acquires an understanding of the system’s implementation of operating procedures by interviewing people working the various IA roles, verifies the system configuration, meets applicable regulations by performing vulnerability scanning and, finally, evaluates and validates the security controls implemented by the system manager and writes a report, which authorizing officials use in the formal decision to grant an ATO. This process is critical in protecting information systems from cyber-attack. AMIS chose the RMF process, which becomes mandatory in 2017, opposed to DIACAP in order to maximize the timeframe the ATO would be valid. An IT system can't operate on the DOD network without being accredited.
The RF-ITV team was at a disadvantage as the first to go through the RMF process, as they lacked the benefit of lessons-learned or best practice recommendations from other programs. However, the outstanding effort made by the RF-ITV system integrator personnel combined with IAPM team guidance resulted in the three-year ATO, making the RF-ITV System the first to earn this certification within PEO EIS! The team also offered advice to those earning the new accreditation: start early and be prepared for the complexity of the process, which took at least six months longer than earning an ATO via the DIACAP process.
Related News
-
Coming Soon: GCSS-Army DISCOPS
October 9, 2024Modernized defense business systems are critical to readiness and lethality. Soldiers on the front lines need reliable, continually accessible and user-friendly web-based information and logistics systems that help them perform critical logistics functions. -
Improving Army operations with Integrated Business Planning Demand Planning
May 29, 2024In a strategic move aimed at enhancing Army demand planning and forecasting capabilities, in March 2024, the Logistics Modernization Program successfully implemented Integrated Business Planning (IBP) Demand Planning, replacing the existing Supply Chain Management Demand Planning system. -
GCSS-Army software testing: a look back at the Agile way ahead
March 13, 2024Well before the Army’s ongoing transition to Agile software development, U.S. Army Program Executive Office Enterprise Information Systems’ (PEO EIS) Global Combat Support System – Army (GCSS-Army) product office saw a need to shorten the software testing timeline.
Work for Us
Join a winning team! Search for job opportunities with PEO Enterprise.
Work with Us
Help support important missions. Explore ways your company can work with PEO Enterprise.