Cybersecurity Test and Evaluation Process
Cybersecurity Test and Evaluation Process
June 2018
CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977
Agenda
? Cybersecurity T&E Introduction ? Cybersecurity T&E Policy ? Cybersecurity T&E Process ? Cybersecurity T&E in the TEMP ? Cyber Ranges ? Cybersecurity T&E Guidebook
CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977 2
Introduction
? Many DoD systems have not proven to be cyber secure
? Year after year DOT&E assessments have shown that systems remain vulnerable
? Security controls programs, such as the Risk Management Framework (RMF), are necessary but not sufficient
? These compliance measures do not adequately address threat tactics and capabilities
? These controls are frequently considered late in development
? Mission risk and operational resilience have not been properly addressed in controls based security
? There is a need for a more robust cybersecurity process
? Establishing thorough cybersecurity requirements ? Engineering cybersecurity into the system as opposed to adding it late ? Thoroughly testing and evaluating systems and providing feedback to the
development engineers for action
? This brief describes the Cybersecurity T&E process
CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977
3
Cybersecurity T&E Process
PHASES
MDD
MS A
Dev RFP
CDD Validation
Release Decision
MS B
IATT
ATO
MS C
Full Rate Production Decision Review
Materiel Solution
Technology
Analysis Maturation & Risk
Reduction
DRAFT CDD
PDR CDD
Engineering & Manufacturing
Development
Production & Deployment
OTRR IOT&E
CDR TRR
CPD
Operations & Support
Lower Fidelity
Mission-Based Cyber Risk Assessments
Higher Fidelity
Phase 1 Understand Cybersecurity Requirements
Phase 2 Characterize
the Cyber Attack Surface
Cyber T&E analysis and planning
Phase 3 Cooperative Vulnerability Identification
Phase 4 Adversarial Cybersecurity
DT&E
Phase 5 Cooperative Vulnerability and Penetration Assessment
Cyber T&E
DoDI 5000.02, Enclosure 14 ? planning and conducting cyber T&E
Phase 6 Adversarial Assessment
Cybersecurity T&E is necessary and required by policy
? Evaluates a system's mission performance in the presence of cybersecurity threats ? Informs acquisition decision makers regarding cybersecurity, resilience and
survivability
CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977
4
Cybersecurity T&E Policy
CLEARED for Open Publication, August 06, 2018, DoD Office of Prepublication and Security Review, Case #18-S-1977
5
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- cortical visual impairment assessment and treatment dr
- cortical visual impairment in children presentation
- screening for cerebral visual impairment value of a cvi
- cybersecurity test and evaluation process
- the content validity index are you sure you know what s
- the cvi range wesc foundation
- defensive cyber operations testing
- functional vision evaluation teaching students with
Related searches
- monitoring and evaluation tools
- project monitoring and evaluation tools
- free monitoring and evaluation courses
- what is monitoring and evaluation pdf
- monitoring and evaluation books pdf
- monitoring and evaluation training online
- online monitoring and evaluation course
- monitoring and evaluation framework pdf
- monitoring and evaluation definitions
- monitoring and evaluation certificate
- monitoring and evaluation course content
- monitoring and evaluation free training