Activity-in-Diagram: Plan CVI Test Activities

CreatorTim Ramey

Description

"The CDT and CyWG, including the vulnerability assessment team and adversarial DT&E and OT&E testers, plan contractor and government tests to focus on potentially vulnerable functions in components, interfaces, and architecture that are critical or essential to mission operation success.

"Whenever possible, the CDT plans to test in a mission context to demonstrate system cyber survivability and operational resilience." [Guidebook]

The term 'cooperative' in this and related tasks is used to indicate that testing is 'controlled;' that operators and testers are aware of all test activities taking place. 'Adversarial' testing, by contrast, involves test events the details of which are not exposed to system operators (ie, defenders).

Owning Diagram A3: Phase 3: Identify Cybersecurity Vulnerabilities

Decomposition

A31: Plan CVI Test Activities

Input

cyber attack surface analysis report

Mission-Based Cyber Risk Assessment (MBCRA)

Output

TEMP updates

Cooperative Vulnerability Identification (CVI) test plan

Control

RMF security plan

cybersecurity T&E strategy

Cheif Developmental Tester

Test and Evaulation Master Plan (TEMP)

Mechanism

Lead DT&E Organization