This military intelligence organization needed to improve its processes for achieving Authority-to-Operate (ATO), and faced significant hurdles. To begin with, the agency had a highly complex process for security engineering life-cycle management. The agency also recognized that it would take a significant amount of time to certify, with no guarantee of ATO accreditation, and possible delays in deploying required operational capabilities. The agency came to Aveshka for a solution that would improve its risk management capabilities and deliver more proactive security, in a compressed timeframe, to determine system risks and their impact on mission/business needs.
Working with our client, we built new security processes into all aspects of the development life-cycle using the latest security standards and directives, including DIACAP, ICD, NIST and CNSS. Employing a Risk Management Framework (RMF) for effective IA and systems security engineering, we also provided a proactive structured threat/vulnerability analysis with supporting forensics.
The client reduced its time and cost for gaining ATO accreditation, and at the same time, mitigated associated risks