Activity-in-Diagram: Phase 2: Characterize Attack Surface

Creator: Tim Ramey

Description

During Phase 2, government and contractor test teams identify vulnerabilities and avenues of attack an adversary may use to exploit the system, and develop plans to evaluate the impacts to the mission.

Characterize the Cyber-Attack Surface
Perform an MBCRA to analyze the attack surface, examine the cybersecurity risks the system may face, and create a set of cybersecurity scenarios used for testing during upcoming test events. A CTT exercise is a useful tool for performing the MBCRA.

Owning Diagram A0: Assess Cybersecurity Risk

Decomposition

A2: Phase 2: Characterize Attack Surface

Input

CONOPS

DoDAF Architecture Views

system design

system threat assessment

Mission-Based Cyber Risk Assessment (MBCRA)

RMF security plan

Program Protection Plan (PPP)

Cybersecurity Service Provider (CSSP) support plan

Information Support Plan (ISP)

Output

need for additional requirement

cybersecurity T&E strategy update

key cyber terrain

cyber attack surface analysis report

TEMP updates

MBCRA updates

Control

Test and Evaluation Master Plan (TEMP)

plan for MBCRA

catalog of cybersecurity requirements

cybersecurity T&E strategy

Chief Developmental Tester

Mechanism

Cybersecurity DT&E Technical Experts

Lead DT&E Organization

Attachments

phase 2.png