Students in this 3-day course will learn ethical considerations and cybersecurity support roles, responsibilities, and strategies, including risk and the Risk Management Framework governance structure for resolving cybersecurity conflicts throughout the acquisition and sustainment of the systems lifecycle.
Course Outline
Introduction
- Purpose
- Background
- Applicability
PM Cybersecurity Basics
General Expectations for Program Managers
- Cybersecurity Basics
- PM Cybersecurity Responsibilities
- ISSM Roles and Responsibilities in Support of the Program Manager
- Cybersecurity Strategy Requirement
Functional Activities
- Cybersecurity Requirements Analysis and Definition
- Categorization by Confidentiality, Integrity, and Availability Impact Levels
- Functional Decomposition and Allocation of Cybersecurity Requirements
- Design and Development
- Configuration Management
- Risk Assessment
- Threat Analysis
- Cybersecurity Validation, Test, and Evaluation
- Test Plans and Reports
Risk and the RMF Governance Structure
Resolving Conflict Arising from Cybersecurity Implementation
Acquisition Lifecycle Cybersecurity Activities and Process Flow
- Requirements
- Development
- Authorization
- Operations
Cybersecurity Throughout the Acquisition Lifecycle
- Materiel Solution Analysis (MSA) Phase
- Cybersecurity Assessment Criteria for Analysis of Alternatives (AoA)
- Develop Initial Cybersecurity Strategy and Include Cybersecurity in MS A Documentation
Technology Maturation and Risk Reduction (TMRR) Phase
- Include Cybersecurity in System Design and Development RFP Release Decision Documentation
- Include Cybersecurity in Preliminary Design and Final MS B Documentation
Engineering and Manufacturing Development (EMD) Phase
- Include Cybersecurity in Detailed Final Design
- Test Cybersecurity Requirements in a Cyber Threat Environment and Assess Cyber Risk to Support Initial Deployment Decision
Production and Deployment Phase and Operations and Support Phase
- Production and Deployment: Operationally Test Cybersecurity to Support Full or Final Deployment Decision
- Operations and Support: Monitor Cybersecurity and Risk after Authorization to Operate to Maintain Security Posture until Disposal
Cybersecurity Roles and Responsibilities
Cybersecurity Engineering Considerations
- Introduction
- Background
- Roles and Responsibilities
- Cybersecurity Engineering References
- Program Protection Planning
- TSN Analysis
- Requirements Traceability and Security Controls
- Selecting and Tailoring Security Controls
- Engineering Trade Analyses
- Systems Engineering Technical Reviews
Cybersecurity Test and Evaluation Considerations
- Introduction
- Cybersecurity Test and Evaluation
- Developmental Test and Evaluation
- Understand Cybersecurity Requirements
- Characterize the Cyber Attack Surface
- Cooperative Vulnerability Identification
- Adversarial Cybersecurity DT&E
- Operational Test and Evaluation
- Cooperative Vulnerability and Penetration Assessment
- Adversarial Assessment
- Overarching Cybersecurity T&E Guidelines for the PM
Cybersecurity Lifecycle and Sustainment Considerations
Cybersecurity Risk Assessment Process
- Cybersecurity Risk Assessments
Summary of Cybersecurity-Related Artifacts
Cybersecurity Request for Proposal Considerations
- Overview
- Request for Proposal (RFP) Language
- Additional Request for Proposal Information
Ethical Considerations
Laws and Regulations