Creator
Description
The OTA is responsible for developing the analytical framework of issues, measures, and data requirements; the data collection procedures, including instrumentation, recording of observations and actions, and surveys; the framework of the test design, such as length, scenarios, and vignettes; and providing a report that addresses the collected data and evaluation results. CVPA data and tests include system and network scans, vulnerability validation, penetration tests, access control checks, physical inspection, personnel interviews, and reviews of system architecture and components to characterize the cybersecurity defensive status of a system as deployed and operated in the operational environment, including third party defenders.Owning Diagram A5: Phase 5: Assess Vulnerabilities and Penetration
Operational Test Readiness Review (OTRR)
Mission-Based Cyber Risk Assessment (MBCRA)