Activity-in-Diagram: Phase 5: Assess Vulnerabilities and Penetration
CreatorTim Ramey
Description
[Cooperative Vulneribility and Penetration Assessment]
"The purpose of this phase is to use data from cooperative cybersecurity test events to characterize the cybersecurity and resilience of a system in an operational context and provide reconnaissance of the system in support of the AA. This Phase includes assessing all test data from prior testing and is not a single test event." [Guidebook]
"Purpose - Provide a comprehensive characterization of the cybersecurity and resilience status of a system in a fully operational context and provide reconnaissance of the system to support adversarial testing (CST&E Phase 6 � Adversarial Assessment) " [DAU CALIT]
Owning Diagram A0: Assess Cybersecurity Risk
Decomposition
A5: Phase 5: Assess Vulnerabilities and Penetration
Input
CONOPS
Mission-Based Cyber Risk Assessment (MBCRA)
Authorization to Operate (ATO)
cyber DT test reports
DT assessment
DT&E assessment
Operational Test Readiness Review (OTRR)
Output
updates to RMF and POA&M
Cooperative Vulnerability and Penetration Assessment (CVPA) reporting
POA&M for remediation of vulnerabilities
TEMP updates
MBCRA updates
Control
OT data requirements
RMF and POA&M
Operational Test Agency
Mechanism
Cybersecurity OTA Technical Experts
Attachments
phase 5.png
