Activity-in-Diagram: Assess Cybersecurity Risk

CreatorTim Ramey

Description

The goal of cybersecurity T&E is to identify and mitigate exploitable system vulnerabilities impacting operational resilience of military capabilities before system development to include safety, survivability, and security. Early discovery of system vulnerabilities can facilitate remediation and reduce impact on cost, schedule, and performance.

Within this model, performers (personnel and organizations) are shown as Magenta flows. Those with accountability for an activity are shown as Controls and those with performance responsibility are shown as Mechanisms. Other performers may fill Supporting, Consulting, or Informed roles but are not generally shown in this model.

Owning Diagram DoD CT&E

Decomposition

A0: Assess Cybersecurity Risk

Input

system description

Output

updates to RMF and POA&M

Cyber Survivability Risk Category (CSRC) assignment

Mission-Based Cyber Risk Assessment (MBCRA)

Test and Evaulation Master Plan (TEMP)

Control

DODIs (various)

RMF and POA&M

Attachments

acq lifecycle.png

ct&e phases in context.png

example cywg roles.png

rasci definitions.png