Download PDF - Department of Navy Chief Information Officer - U.S. ...

More documents

Recommendations

Info

CAST requirements include the ability to collect metrics onall aspects of processing and management of C&A informationso that a continuous process improvement program can be supportedas the nature and requirements associated with C&Acontinue to evolve.With CAST, automating major DIACAP requirements will bemet for all information systems, including information technologysystems; networks; circuits; sites; infrastructures; enclaves;and environments and assets that require security certificationand accreditation within the DON, regardless of current accreditationstatus.Specific goals for CAST include:Ensuring IA is built in from the concept stage through the lifecycle;Accounting for inheritance of information assurance controls;Enforcing annual reviews for all systems and sites; andProviding enterprise-wide visibility into security posture andrisk.By facilitating standardization and quality improvement forC&A packages from the initiation of the process, significantreductions in review times, rework and learning curves are expectedimmediately.In addition, early collaboration by stakeholders will ensureadequate identification and resolution of security risk issuesearly in the process and not later during formal C&A reviews.Once the CAST procurement award is made, the tool will beinitially implemented during a pilot phase with the objectiveof testing processes, procedures and templates. The pilot willbuild the necessary databases, verify process steps and propertool configuration, conduct test and evaluation, and processselected DIACAP C&A packages to verify tool effectiveness in acontrolled environment.TrainingAt the same time, training will be provided to the C&A communityon the tool and detailed DON processes and policies. It isexpected that training will be an ongoing requirement throughoutthe life of CAST. Once CAST is fully implemented, DIACAPtraining will target personnel performing activities in the threemain tiers of the C&A process: package creation, review andapproval.Training will focus on required tasks and how to performthese using the tool. Each tier of training will contain an overviewof the DON process flow and build upon the activities accomplishedby all members of the C&A team.Since transition from DITSCAP to DIACAP will be gradual overthe next three years, there is a phasing out of systems’ C&Adocumentation from DITSCAP to DIACAP. The DIACAP transitionteam will provide subject matter experts to support programand system managers, as well as IA managers, in planning eachsystem transition to DIACAP. This will include assistance in developingtransition plans and answering any related questions.Finally, because systems will begin transitioning to DIACAPprior to full implementation of the DON automated tool, allsubmissions of C&A packages will continue using existing C&Apackage systems in the near term.The transition to DIACAP is great news for DoD and DON systemdevelopers, program managers and security managers!Additional InformationThe C&A process has undergone major changes over the last severalyears. These were driven by increased awareness of security vulnerabilities,shrinking resources and the pressing operational need tofield new and improved capabilities to support the warfighter.The movement from DITSCAP to DIACAP has provided an opportunetime to both automate and standardize the entire end-to-end C&Aprocess to conserve resources and ensure security risk is managed atacceptable levels.To stay abreast of the information being developedduring this transition time, readers are encouraged to periodically accessthe DON CIO Web site at www.doncio.navy.mil.For now, programs desiring to make use of DIACAP templates canaccess them from the Fleet Forces Web site under the View All SiteContents/Documents tab on the left side of the page at https://www.fleetforces.navy.mil/netwarcom/navycanda/default.aspx.For the Marine Corps, users can access the Marine Corps XactaInformation Assurance Manager tool available at https://hqtelosweb.hqmc.usmc.mil/.The primary contact for DITSCAP to DIACAP transition technicalsupport can be reached by e-mail at SPSC-DON-DIACAP@navy.mil.Secondary contacts for transition technical support are:Navy - Operational Designated Approving Authority (ODAA) - e-mail: Navy_ODAA@navy.mil or (757) 417-6719 x0.Marine Corps - Programs of record (not yet fielded), contact the MarineCorps Systems Command (Systems Engineering, Interoperability,Architectures & Technology (SIAT)) at (703) 437-3824.All other systems (including fielded programs of record), contactthe Marine Corps Enterprise Network Designated Approving Authority(MCEN DAA) by e-mail: M_MCEN_DAA@usmc.mil or (703) 693-3490.Resources• DON DITSCAP to DIACAP Transition Guide, version 1.1, June 9,2008 - under the Information Assurance topic area at www.doncio.navy.mil.• DON DIACAP Handbook, version 1.0, July 21, 2008 - under the InformationAssurance topic area at www.doncio.navy.mil.•DoD Instruction 8510.01, DoD Information Assurance Certificationand Accreditation Process (DIACAP), Nov. 28, 2007 - www.dtic.mil/whs/directives/corres/pdf/851001p.pdf.• Secretary of the Navy Manual, SECNAV M-5239.1, Information AssuranceManual, November 2005 - http://doni.daps.dla.mil/SECNAV%20Manuals1/5239.1.pdf.• DoD Directive 8500.01E, Information Assurance (IA), Oct. 24, 2002 -www.dtic.mil/whs/directives/. Certified as current April 23, 2007.• DoD Instruction 8500.2, Information Assurance (IA) Implementation,Feb. 6, 2003 - www.dtic.mil/whs/directives/corres/pdf/850002p.pdf.Ms. Yuh-Ling Su is the DON DIACAP transition assistant program managerunder PMW 160.40 CHIPS www.chips.navy.mil Dedicated to Sharing Information - Technology - Experience
Evolution and revolution arevery different processes …Adm. Vern Clark wrote about"revolution" while serving asChief of Naval Operations.Today, the retired CNO still refers to revolutionwhen publicly speaking about hisefforts to change and improve businessprocesses within the Navy. He confessedthat, even as the second longest servingCNO, he didn’t have time for “evolution,”which is why he unapologetically choserevolution.Evolution and revolution are very differentprocesses. While evolution is aprocess of gradual and relatively peacefulsocial, political or economic advance,revolution is a sudden, radical and absolutechange.Evolution in business processes providestime for people to accept slow methodicalchanges. On the other hand, revolutionis generally difficult for people toaccept due to rapid change and is oftenviewed negatively.Revolution is used to describe changein many business processes. In fact, moderncomputers and software are results ofa revolution that led to the Silicon Valleyhigh-tech empires in Northern California.The convergence of cellular technology,the Global Positioning System (GPS)and a long list of services, technologiesand devices are setting the stage for awireless revolution that will influence ourpersonal lives, business processes and thecapabilities of the Marine Corps and Navy,in such a way not seen since the introductionof modern warfare.The Marine Corps and Navy have globalresponsibilities, and they require a significantnumber of radio frequencies toconduct their worldwide operations. Allradio frequencies are recognized by internationallaw as belonging to each andevery nation.U.S. forces face access issues in eachcountry in which they operate due tocompeting civilian or government usersof national spectrum allocations. For example,when the Marine Corps and Navyare operating in Japan, the Japanese governmentregulates the radio frequenciesU.S. naval forces can use. The same is truefor Australia, Republic of Korea and allsovereign nations.But even though radio frequencies areallocated, a large portion of the assignedspectrum is used sporadically, and thereare wide variations in the use of assignedspectrum. The limited available spectrumand the inefficiency of its usage demandsa new methodology to exploit existingwireless spectrum "opportunistically."The wireless revolution is just beginning.A number of radical changes in theuse of the electromagnetic spectrum, orradio frequencies, will soon have “dynamic”effects on naval capabilities. DynamicSpectrum Access (DSA) refers to radiosand other wireless capabilities that dynamicallyadjust to the spectrum environmentand access radio frequencies thatare unused or underused.Access to spectrum, along with the correspondingcapabilities and bandwidthmay, by today’s standards, be almost limitless.The Defense Advanced ResearchProjects Agency (DARPA) has developedDSA capability known as "Next Generation"or "XG," which promises significantbenefits to forward deployed Marinesand Sailors. Commercial companies arealso developing DSA capabilities.The goals of the XG program are todevelop both the enabling technologiesand system concepts, along with newwaveforms to provide dramatic improvementsfor assured military communicationsin support of worldwide operations,according to DARPA.The XG program approach plans to investigatemethods to leverage the technologybase in microelectronics, withnew waveforms and medium access andcontrol protocol technologies, to constructan integrated system.The proposed program goals are to develop,integrate and evaluate the technologyto enable equipment to automaticallyselect spectrum and operating modes tominimize disruption to existing users andto ensure that U.S. forces can fully exploittheir superiority and investment in informationtechnology.DSA will revolutionize naval wirelesscapabilities by providing greater access tolimited spectrum resources. Today, thereare considerable obstacles to employingDSA. International and national spectrumgoverning bodies control spectrum usethrough rigid radio frequency allocationsthat often result in one frequency perwireless use.The benefits of DSA to the MarineCorps and the Navy will be impressive,but changes to national and especiallyinternational spectrum governance areinexplicably slow.The DON Spectrum Team is "plottinga spectrum revolution," and we are notalone. We are part of a global spectrumrevolutionary movement of industry, privateconsortia and other progressive nationson the leading edge of technology.A revolution is seldom accomplishedalone.For more information, please go to the DON CIOWeb site at www.doncio.navy.mil, or contact theteam at DONSpectrumTeam@navy.mil.CHIPS October – December 2008 41
Page 2 and 3: CHIPS October - December 2008Volume
Page 4 and 5: Editor’s NotebookThis issue we fe
Page 6 and 7: Talking with Rear Admiral Wendi B.
Page 8 and 9: in less of a production role and mo
Page 10 and 11: "The Navy has conducted irregular w
Page 12 and 13: and Preventive Medicine; and Joint
Page 14 and 15: We are also working on patient trac
Page 16 and 17: Empowering the Information Systems
Page 18 and 19: "The good thing about the ENMS syst
Page 20 and 21: “We Will Never Forget”Pentagon
Page 22 and 23: SSC Atlantic Commissioned in Charle
Page 24 and 25: SSC Pacific’s Josh CaplanReceives
Page 26 and 27: Welcome to SSC Atlantic’s New Orl
Page 28 and 29: SSC Atlantic sites partner to provi
Page 30 and 31: Presenting SSC Pacific: A new name
Page 32 and 33: constraints associated with smaller
Page 34 and 35: End-to-End Systems Engineering LabS
Page 36 and 37: SSC Norfolk Workforce Excellence Co
Page 38 and 39: DON DIACAP TransitionTransitioning
Page 42 and 43: Success Stories from Naval Surface
Page 44 and 45: SWE Takes Action in Supportof Surfa
Page 46 and 47: of ownership of the process stalled
Page 48 and 49: Data as a ServiceThe new paradigm f
Page 50 and 51: encouraging the reuse of informatio
Page 52 and 53: Operationalizing Military Support t
Page 54 and 55: DoD ESI Celebrates its 10th Anniver
Page 56 and 57: and conditions pre-negotiated with
Page 58 and 59: Navy Ship-to-Shore via Wireless Con
Page 60 and 61: Navy Warfare Training SystemBy U.S.
Page 62 and 63: endeavor and worth the coordination
Page 64 and 65: Tackling one of the most critical a
Page 66 and 67: 5. Which of the following is the mo
Page 68 and 69: you are searching while the rootkit
Page 70 and 71: MercuryMercury Software - Provides
Page 72 and 73: Quest ProductsQuest Products - Prov
Page 74 and 75: Office SystemsAdobeAdobe Products -

Download PDF - Department of Navy Chief Information Officer - U.S. ...

Create successful ePaper yourself

Delete template?

Save as template?