KSJ & Associates helped align system-level risk management with DHA risk management by working within an established three-tiered approach that addresses risk at the enterprise, component (mission/business process) and system levels. Through KSJ’s partnership with the Cybersecurity Team, we have established initiatives to command the responsibility and accountability for security controls deployed within DHA information systems and inherited by those systems (i.e., common controls). KSJ’s team created System Security Artifacts and Procedures, prepared according to the NIST 800-53 v4 control requirements, for the following:

  • Network Architecture Diagram
  • Detailed Hardware Inventory
  • Detailed Software/Firmware Inventory
  • Ports, Protocols, and Services Management
  • Contingency Plan
  • Configuration Management Plan
  • Incident Response Plan
  • Continuous Monitoring Strategy
  • Plan of Action and Milestones (POA&M)
  • Privacy Impact Assessment
  • Public Key Infrastructure (PKI) Compliance
  • System Categorization
  • Rules of Behavior
  • System Security Plan
  • Security Design Document
  • User Account Request form
  • Backup and Restore recovery procedures
  • Access Management Plan

Our team has leveraged its deep knowledge and experience across the many phases of the business and IA transformation process to help DHA meet its policy mandate, bring about orderly and sustainable Security Control Implementation, and tailor ISSO requirements for future RMF process efforts.

KSJ adheres to the mandates of DoDI 8500.01, “Cybersecurity,” and DoDI 8510.01, “Risk Management Framework for DoD Information Technology,” which replaced the DoD DIACAP process to establish RMF.