Model: DoD CT&E
CreatorTim Ramey
Purpose:
The purpose of this effort is to model the process implicit in the DoD Cybersecurity Test and Evaluation Guidebook. The underlying motivation behind this model is to create a framework within which to place the ASSURANT Suite. If successful, placing ASSURANT within this larger framework should lead to improved marketing of ASSURANT as it stands and expansion of ASSURANT capabilities and scope to include more of this framework (thereby expanding its market scope).Context:
"The purpose of [DoD Cybersecurity Test and Evaluation Guidebook] is to promote data-driven mission-impact-based analysis and assement methods for cybersecurity test and evaluation (T&E) and to support assessment of cybersecurity, system cyber survivability, and operational resilience within a mission context by encouraging planning for tighter integration with traditional system T&E. Cybersecurity T&E starts at acquisition initiation and continues throughout the entire life cycle." [Guidebook]Viewpoint:
The viewpoint taken in developing this model is that of the policy analyst or decisionmaker addressed as the audience of DoD Cybersecurity Test and Evaluation Guidebook.Description
This model depticts the process described in Cybersecurity Test & Evaluation Guidebook Version 2.0, Chnage 1. The model is intended to serve as a framework within which cybersecutiry and cyber survivability tools and methods can be located."The guidebook outlines the preferred approach for PMs [program managers], CDTs [chief development testers], and OTAs [operational test authorities] to implement the DoDI 8500.01 and DoDI 5000.02 policies for cybersecurity T&E [test and evaluation]." [Guidebook]
Activities
Concepts
Cyber Survivability Risk Category (CSRC) assignment
Mission-Based Cyber Risk Assessment (MBCRA)
Test and Evaulation Master Plan (TEMP)
Sources
DoD Cybersecurity Test and Evaluation Guidebook 2.0, Change 1, 2020.
