Model: A0: Assess Cybersecurity Risk

Click Activity Box for Description Click Shadow for Decomp Diagram Click Shadow for Decomp Diagram Click Activity Box for Description Click Shadow for Decomp Diagram Click Shadow for Decomp Diagram Click Activity Box for Description Click Shadow for Decomp Diagram Click Shadow for Decomp Diagram Click Activity Box for Description Click Shadow for Decomp Diagram Click Shadow for Decomp Diagram Click Activity Box for Description Click Shadow for Decomp Diagram Click Shadow for Decomp Diagram Click Activity Box for Description Click Shadow for Decomp Diagram Click Shadow for Decomp Diagram Click Activity Box for Description Click Shadow for Decomp Diagram Click Shadow for Decomp Diagram

Creator

Description


Parent Activity: Assess Cybersecurity Risk

Activities

Phase 1: Understand Cyber Security Requirements

Phase 2: Characterize Attack Surface

Phase 3: Identify Cybersecurity Vulnerabilities

Phase 4: Test & Evaluate Adversarial Impact on Critical Functions

Phase 5: Assess Vulnerabilities and Penetration

Phase 6: Assess Adversary Impact on Missions

Establish the Cybersecurity Working Group (CyWG)

Concepts

CT&E RFP

plan for MBCRA

cybersecurity controls

cybersecurity threats

system architecture

system envirionment

cyber attack surface analysis report

cybersecurity T&E strategy update

ACD assessment report

Cooperative Vulnerability and Penetration Assessment (CVPA) reporting

updates to RMF and POA&M

operational evaluation

Authorization to Operate (ATO)

CONOPS

DT&E assessment

range and simulator accreditation

cyber DT test reports

DT assessment

Operational Test Readiness Review (OTRR)

RMF security plan

Cybersecurity Service Provider (CSSP) support plan

DoDAF Architecture Views

Information Support Plan (ISP)

Program Protection Plan (PPP)

system design

DODIs (various)

JCIDS IDC/CDD/CPD

CVI reports

RMF and POA&M

Test and Evaulation Master Plan (TEMP)

catalog of cybersecurity requirements

system threat assessment

cybersecurity evaluation

need for additional requirement

Mission-Based Cyber Risk Assessment (MBCRA)

key cyber terrain

MBCRA updates

TEMP updates

system description

Cyber Survivability Risk Category (CSRC) assignment

OT data requirements

cybersecurity T&E strategy

Cheif Developmental Tester

Operational Test Agency

Lead DT&E Organization

Cybersecurity DT&E Technical Experts

Cybersecurity OTA Technical Experts

Cybersecurity Working Group (CyWG)

POA&M for remediation of vulnerabilities

T&E Working Integrated Product Team (WIPT)

ACD Test Plan