Understanding: Defense Logistics Agency (DLA) Information Operations J6 is responsible for transformation and sustainment of the Information Operations mission and its associated commitment to the warfighting logistician. Inherent in doing so is the responsibility to ensure a comprehensive, best-practices Information Assurance (IA) plan to provide the best Information Technology (IT) support to the Department of Defense (DOD), DLA business community, stakeholders, subordinate units and the warfighting logistician. The Risk Management Framework (RMF) replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and manages the lifecycle cybersecurity risk to DoD IT in accordance with DoD Instruction (DoDI) 8510.01 I
DLA’s full transition to the RMF will provide a standardized and centralized RMF IA C&A program that complies with DOD and DLA 8570 policies and procedures. We will develop, implement, and sustain a DLA enterprise architecture-wide RMF IA C&A-related compliance capability to ensure conformance with stated requirements, laws, regulations, policies and strategies. We will aid and assist in assessing the risk and potential costs of non-compliance against the projected expenses to achieve compliance, and in prioritizing, funding and initiating any corrective actions deemed necessary, while ensuring that DLA’s business community garners the benefits of the more streamlined process. Fundamental in these responsibilities are preventative and analytical activities aimed at enhancing the overall RMF and IA posture of the DLA Global Enterprise Architecture networks, information systems and
Following our initial assessment we will provide recommendations for the “to be” RMF IA and C&A program by providing DLA J6 with the analysis of alternatives (AoA) on courses of action (COAs) for the current IA C&A program. Part of this initial assessment is to address key risk areas across DLA Global Enterprise Architecture and supply chains to look at best practices for mitigation procedures that minimize the operational risks posed from cyber threats to the DLA Global Enterprise Architecture. Following our initial assessment we will incorporate the “to be” RMF IA and C&A program, which will standardize and centralize the program while grounding it in industry standards and best practices. The RMF-mandated transition is already in the implementation phase, and a strategy will have to be managed and complied with to continue the transition through to completion. This strategy represents the DOD IT and DODI 8510.01 policy signed into effect in March 2014, which aligns the DOD agencies (DLA) through the standardized use of the NIST 800-37 and 800-53 publications and the CNSSI 1253. Part of the RMF transition will see DLA migrate to the DOD’s Enterprise Mission Assurance Support Service (eMASS) with the benefits being a standardized, centralized repository for all RMF products including workflow