Activity-in-Diagram: Phase 3: Identify Cybersecurity Vulnerabilities
Creator Tim Ramey
Description
[Cooperative Vulnerability Identification]
"The purpose of the third phase is to begin testing early to verify cybersecurity and operational resilience and identify vulnerabilities and inform implementing any needed mitigations. Using multiple tailored test events, vulnerability identification informs contractor and government system designers, developers, and engineers of needed system cyber survivability and operational resilience improvements to reduce risk. Phase 3 is iterative during contractor development and includes regression testing to verify implemented mitigations. Phase 3 is also iterative during government DT&E." [Guidebook]
"Purpose - Identify known cybersecurity vulnerabilities in hardware, software, interfaces, operations, and architecture; to assess the mission risk associated with those vulnerabilities; and to determine appropriate mitigations or countermeasures to reduce the risk." [DAU CALIT]
Owning Diagram A0: Assess Cybersecurity Risk
Decomposition
A3: Phase 3: Identify Cybersecurity Vulnerabilities
Input
Mission-Based Cyber Risk Assessment (MBCRA)
cyber attack surface analysis report
RMF security plan
Output
need for additional requirement
CVI reports
ACD Test Plan
cybersecurity evaluation
TEMP updates
MBCRA updates
Control
Test and Evaluation Master Plan (TEMP)
cybersecurity T&E strategy
Chief Developmental Tester
Mechanism
Cybersecurity DT&E Technical Experts
Lead DT&E Organization
Attachments
phase 3.png