Out With the DIACAP, In With the DIARMF?

Dr. Julie E. Mehan — Mon, 27 Feb 2012 16:33:50 +0000

We haven’t posted on DoD’s pending transition from the DoD Information Assurance Certification & Accreditation Process (DIACAP) to what is called – at least for now – the DoD IA Risk Management Framework (RMF). Now, after reading the articles by noted security experts Len Marzigliano and Richard Bejtlich, it’s time to take a look at what this transition might really mean for DoD and its supporting contractors.

For those of us who have been around a while, we remember the emergence of the DoD Information Technology C&A Process (DITSCAP) and the somewhat reluctant transition from that C&A process to the DIACAP in 2007/2008. We watched while the DIACAP, which was intended to be a standardized process that would be applied consistently across the entire DoD to support reciprocity and cost savings, was subjected to modification and interpretation by each of the services. The result – standardization and consistency flew out the window and the DoD was back to incompatible, non-standardized processes and the inability (and perhaps unwillingness) to support full reciprocity across the DoD. In the end, despite all of the best intentions of the DoD authors of the DIACAP, it became yet another resource-intensive, paperwork centric process. But, 5 years into the transition and some of the wrinkles are getting sorted out.

And now, DoD wants to change yet again? Whoa, and we are just getting used to the DIAC AP!

So, why now, and why the RMF? It all goes back five years or so ago to a series of discussions hosted by then Director of National Intelligence, Hon. Dale Meyerrose, along with the DoD CIO, Hon. John Grimes. The goal of their conversations was to jointly find solutions to long-standing problems relating to the extensive resources the IC and DoD historically expend for C&A, ensure that C&As accomplished by one agency would be valid for all agencies, and to deliver systems to the customer faster. Concurrently, the National Institute of Standards and Technology (NIST) was working on a revision of the C&A processes used for Federal Information Systems. And then it dawned….. why not work together across the Federal government to create a single process that would be applicable across the entire Federal government to include the DoD and Intelligence Community (IC)?

The result is the NIST RMF and the IC and DoD have agreed to adopt this standard as their own – with some minor modifications, of course. Stay tuned for our next posting where we will continue this journey.

Lunarline is on the front lines of this new transition. Please be sure to take a look at our White Paper at http://lunarline.com/Services/Whitepapers.aspx. With our extensive experience in applying the NIST RMF, our participation in Federal, DoD and IC C&A transition working groups, and our NSA/CNSS certified training in this process, we can support you today and help prepare you for tomorrow.

FCD-1 Revision 1

Bob Cohen — Thu, 08 Dec 2011 12:52:37 +0000

I had an opportunity to review the draft of the upcoming revision 1 to Federal Continuity Directive 1 (FCD-1). I had several issues with it. It talks about about “establishing contingency plans for the performance of essential functions.” Unfortunately this contradicts SP 800-34 which says “An Information System Contingency Plan (ISCP) Provides procedures and capabilities for recovery an information system.”

Just to clarify - Until this draft, the government has used the term “contingency plan” to denote the policies and procedures for the recovery of a single system. “COOP Plan” has been used as the policies and procedures for recovering Primary Mission Essential Functions (PMEFs) and Mission Essential Functions (MEFs).

There are several other instances where the drafters of this revision crossed terms as used in other publications, particularly the NIST Special Publications. I’d like to see more consistency across publications to reduce confusion.COOP, Contingency Plan, Continuity, FCD, Recovery, Disaster Recovery

Cyber Security Company Lunarline Ranked as One of America’s Fastest Growing Companies

Carolyn Morse — Tue, 06 Sep 2011 20:39:06 +0000

For the second year in a row, Lunarline, Inc. is named to the Inc. 500|5000 list, jumping 366 spots to rank No. 1846. This is the fifth year Inc. magazine has compiled their exclusive list of the nation’s fastest growing private companies. The list represents the most comprehensive look at the most important segment of the economy—America’s independent entrepreneurs.

Lunarline Announces Upcoming Launch of the School of Cyber Security at FOSE Conference

Melissa Dawson — Tue, 12 Jul 2011 17:26:56 +0000

The FOSE Conference and Exposition serves as a forum for bridging ideas and innovations between the public and private sector—and provides a forward-looking view of upcoming federal IT initiatives. The event will be held at the Walter E. Washington Convention Center from July 19-21. Lunarline, Inc. will be an exhibitor at booth #212 with some new and exciting offerings!

Lunarline has proven expertise in cyber security and privacy solutions, specialized information assurance services, and Next-Generation infrastructure strategies. Lunarline will be available to discuss ways that new tools and approaches are improving enterprise-wide and federated decision making and security.

Lunarline will also provide information on their upcoming School of Cyber Security (SCS) launch. The SCS is dedicated to providing excellence in cybersecurity training and certifications.

Lunarline Teams with Booz Allen Hamilton on TIPSS-4 ITS Win

Bobbie Lawson — Wed, 29 Jun 2011 18:16:21 +0000

Lunarline partnered with Booz Allen Hamilton in a winning bid for an IT services-related suite of indefinite-delivery, indefinite-quantity (ID/IQ) contracts, called TIPSS-4 ITS. These contracts are the primary procurement vehicles for technology-related services within the Internal Revenue Service and other Treasury bureaus. The TIPSS-4 contract has a 10-year period of performance (one base-year and nine one-year options).

U.S. Cyber Command Conference

Melissa Dawson — Wed, 08 Jun 2011 15:48:42 +0000

I’m excited to be attending the U.S. Cyber Command Conference two weeks from today! Let me know if you’re going to be there and we can coordinate a time to meet.

We recently released an article about Lunarline’s involvement in the event. You can read more about it here.

Lunarline Announces Participation in FAA HQ Cyber Security Awareness Day

Melissa Dawson — Tue, 07 Jun 2011 18:46:30 +0000

Lunarline, Inc. will be an exhibitor at the FAA HQ Cyber Security Awareness Day on June 23, 2011 in Washington, DC. The on-site expo is part of the FAA’s Annual Cyber Security Awareness Training and showcases cyber security best practices and technology.

Lunarline Now Offers CNSSI 4012 Certification in their Training Program

Melissa Dawson — Tue, 07 Jun 2011 17:38:25 +0000

Lunarline’s courseware now officially meets all of the requirements of the Committee on National Security Systems, National Information Assurance Training Standard for Senior Systems Managers (CNSSI 4012) certification. Additionally, the coursework continues to meet the standards for the National Training Standard for Information Systems Security (INFOSEC) Professionals and System Certifiers ( NSTISSI 4011 and 4015 certifications). Students receive a certificate for successful participation in each course, in addition to the ability to claim 40 hours of Continuous Professional Experience.

Lunarline Teams with MicroTech on OPTARSS II Win

Bobbie Lawson — Mon, 23 May 2011 15:58:40 +0000

Photo Credit: soldiersmediacenter

Lunarline partnered with MicroTech in a winning bid for the U.S. Army $2.5 Billion Operations, Planning, Training and Resource Support Services (OPTARSS II) contract, a flagship vehicle for U.S. Army Forces Command (FORSCOM). The OPTARSS II contract is a master, indefinite delivery indefinite quantity (ID/IQ), multiple award task order contract. It is structured for maximum flexibility in providing for an expedited ordering process in order to satisfy the needs of operations customers throughout the Army and Department of Defense (DoD).

Lunarline, Inc. CEO Selected to Join Influential and Exclusive Group, Smart 100

Bobbie Lawson — Fri, 15 Apr 2011 15:46:57 +0000

Washington SmartCEO magazine recently announced that Lunarline’s CEO, Waylon Krush, has been named on the highly anticipated roster of its 2011 Smart100 CEOs. Smart100 is an exclusive, elite group of 100 CEOs chosen for their leadership, strategic vision and character.