Sign up to receive SCM email updates (restricted to .mil email addresses)
Return to Gap Analysis
Current Process Overview - Initially each network/system goes through a Certification and Accreditation (C&A) process. This is a very labor intensive process and done about every 3 years.
- Once assets go through C&A, asset changes require manual updates to original C&A documentation.
- Periodic evaluations of the configurations of the boxes takes place during Command Cyber Readiness Inspections (CCRI). This is very labor intensive and may involve weeks of preparation by network administrators.
- CCRI consists of a series of manual checks and a asset scans using SCCVI (eEye Retina).
- Based on the results from the network scans changes are made to the assets . Updates to C&A documentation may be required.
- Scan results are uploaded reported to higher commands for tracking, inventory, and Situational Awareness purposes. In some cases a great deal of manual reporting is required into Vulnerability Management System (VMS)
|
SCM Process Overview - Compliance results and metrics are continuously reported and made available to the C&A process
- see Compliance Checking of Assets vignette ---->link!!!
- Results and metrics are used as inputs to Scoring algorithms
- Scoring algorithms are used to perform risk assessment and determine risk score for assets on network
- Network Situational Awareness
|