Cybersecurity Test and Evaluation Process

Cybersecurity Test and Evaluation Process

June 2018

CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977

Agenda

? Cybersecurity T&E Introduction ? Cybersecurity T&E Policy ? Cybersecurity T&E Process ? Cybersecurity T&E in the TEMP ? Cyber Ranges ? Cybersecurity T&E Guidebook

CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977 2

Introduction

? Many DoD systems have not proven to be cyber secure

? Year after year DOT&E assessments have shown that systems remain vulnerable

? Security controls programs, such as the Risk Management Framework (RMF), are necessary but not sufficient

? These compliance measures do not adequately address threat tactics and capabilities

? These controls are frequently considered late in development

? Mission risk and operational resilience have not been properly addressed in controls based security

? There is a need for a more robust cybersecurity process

? Establishing thorough cybersecurity requirements ? Engineering cybersecurity into the system as opposed to adding it late ? Thoroughly testing and evaluating systems and providing feedback to the

development engineers for action

? This brief describes the Cybersecurity T&E process

CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977

3

Cybersecurity T&E Process

PHASES

MDD

MS A

Dev RFP

CDD Validation

Release Decision

MS B

IATT

ATO

MS C

Full Rate Production Decision Review

Materiel Solution

Technology

Analysis Maturation & Risk

Reduction

DRAFT CDD

PDR CDD

Engineering & Manufacturing

Development

Production & Deployment

OTRR IOT&E

CDR TRR

CPD

Operations & Support

Lower Fidelity

Mission-Based Cyber Risk Assessments

Higher Fidelity

Phase 1 Understand Cybersecurity Requirements

Phase 2 Characterize

the Cyber Attack Surface

Cyber T&E analysis and planning

Phase 3 Cooperative Vulnerability Identification

Phase 4 Adversarial Cybersecurity

DT&E

Phase 5 Cooperative Vulnerability and Penetration Assessment

Cyber T&E

DoDI 5000.02, Enclosure 14 ? planning and conducting cyber T&E

Phase 6 Adversarial Assessment

Cybersecurity T&E is necessary and required by policy

? Evaluates a system's mission performance in the presence of cybersecurity threats ? Informs acquisition decision makers regarding cybersecurity, resilience and

survivability

CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977

4

Cybersecurity T&E Policy

CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977

5

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download

To fulfill the demand for quickly locating and searching documents.

It is intelligent file search solution for home and business.

Literature Lottery

Related download
Related searches

©2024 5y1.org, Inc. All rights reserved.