Commander, Navy Installations Command (CNIC) is responsible for the U.S. Navy’s worldwide shore installation management. As the Navy’s shore integrator, CNIC designs and develops integrated solutions for sustainment and development of Navy shore infrastructure. With more than 53,000 military and civilian personnel worldwide across 10 regions, 71 installations, and 123 Naval Operations Support Centers, CNIC is responsible for the operations, maintenance and quality of life programs to support the Navy’s Fleet, Fighters, and Families.

Being accountable for over 90 systems varying from a few to a thousand components in size, CNIC must direct, guide, and coordinate with each of the system owners regarding cybersecurity activities. They are required to report status and set priorities at the Echelon II level. When authorizations for several systems expired, they needed a partner to support this effort.

In support of the contract, TIAG’s team of cybersecurity experts was tasked to authorize the systems located worldwide that vary in size and complexity by maintaining and modernizing the infrastructure to enhance the ability to perform core missions. Through the assessments and authorization process, we are able to identify and report higher security risk areas to CNIC and Navy authorities, which leads to updating and upgrading older technologies. Our team’s combined experience of over 170 years enabled us to execute the tasks in an expeditious and efficient manner. We recommended setting up processes that measured progress quantitatively and anticipated shortcomings, which were addressed proactively. TIAG developed an event-based schedule and resource tracker for the team to support the 6-step RMF activities.

In less than six months, CNIC received authorization for five systems and are on the verge of completing six more in the next couple of months due to the process in place and team of cyber professionals. The graphical view of the resource tracker allows us to easily adjust by augmenting any over-burdened team member. NIWC and CNIC customers have repeatedly praised our accomplishments so much so that they asked us to supplement some of their duties. We continue to improve our way of conducting business.

The primary mission of the USUHS is to train, educate, and prepare uniformed services health professionals, officers, and leaders to directly support the Military Health System, the National Security and National Defense Strategies of the United States, and the readiness of our armed forces.

Network vulnerabilities put the USUHS military network at risk of disconnection from the Defense Information Systems Agency (DISA)-managed Global Information Grid (GIG). Unless successfully remediated, these vulnerabilities would have severely affected the USUHS mission and put at risk the education programs it provides.

After evaluating the USUHS IT environment and security posture, we built and executed a systematic transformation and accreditation strategy, focusing on the USUHS network infrastructure, computing devices, and enterprise management tool set. We created a configuration management database and asset portfolio of all resources and evaluated and addressed any shortcomings in all assigned systems. Finally, our experts in cybersecurity enhanced the organization’s security by hardening server and network infrastructure, addressing security vulnerabilities, and creating unique compliance documentation. The project concluded with full visibility, management, and vulnerability coverage of their non-homogeneous environment and divergent networks, successful disposition and remediation of all systems assigned, and a new accreditation of both their .MIL and .EDU networks–one of the first in the DoD. Currently, we are responsible for all aspects of Risk Management Framework (RMF) preparation and submittal, IAVA tracking and compliance, policy development and enforcement, and ensuring security compliance and accreditation of all USUHS networks and systems. Our approach involves all measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.

The President of USU gave TIAG an award for our Exceptional Performance implementing the full suite of DoD Information Assurance Certification and Accreditation Process remediation services that helped them achieve an Authority to Operate for their military and .EDU network circuit.

The mission of the RHC-A and its more than 28,000 staff members is to provide world-class, proactive, patient-centered health care for approximately 600,000 service members, retirees, and their families.

As a Tier 3 IT operations policy and procedure support mechanism for the region; RHC-A needed high-level cybersecurity support that would perform vulnerability assessments and implement cybersecurity protocols and procedures at RHC-A to help safeguard the data of Wounded soldiers, military personnel, and their families.

As a proactive measure, TIAG managed the host-based security system to block viruses and malware and implemented a process to regularly scan for vulnerabilities using the system control configuration manager to ensure all patches and updates were applied across all devices on the network. We established a comprehensive risk management framework process and developed LAN ATO packages for all sites to ensure all required controls and artifacts were in place and fully complied with DHA cybersecurity rules and regulations.

Our proactive approach improved RHC-A’s cybersecurity posture by reducing vulnerabilities across the region and allowed RHC-A to more efficiently track and monitor their cybersecurity. Additionally, we successfully converted all MTFs in the region from DIACAP to RMF and received the most approved three-year ATO accreditations in 2016/2017 across all regions.

As the premier DOD center of industrial and technical excellence, LEAD’s mission is to develop and deliver best-in-class technologies and business practices for air defense tactical missile ground support equipment, mobile electric power generation equipment, patriot missile recertification, and route guidance vehicles for both the U.S. and its international partners. The mission of LEAD’s Directorate of Information Management (DOIM) is to provide the highest level of reliable IT and expand IT services so information flows seamlessly within the LEAD community.

The Industrial Control System (ICS) test equipment located at LEAD presented numerous cybersecurity challenges at every level of the organization, including widely varying security postures with little to no consistency, expired and limited maintenance contracts with no onsite infrastructure, and inconsistent cybersecurity plans across the entire infrastructure.

TIAG created a high-level, four-phase strategy to identify and mitigate vulnerabilities and improve the overall cybersecurity posture of ICS. This strategic approach was then turned into tactical objectives leveraging processes developed to satisfy the three core tracks of the ICS system’s lifecycle. We employed this track-focused, tactical approach to ensure that every ICS test asset within the purview of LEAD, whether new or legacy, would be addressed from a cybersecurity perspective.

LEAD now has a repeatable, standardized protocol to address common vulnerabilities. LEAD is also now able to establish and maintain an acceptable cybersecurity posture and resiliency across the entire lifecycle of ICS and similar test systems.

CyberLog is the functional owner for the DHA’s Cybersecurity Risk Management Framework for medical devices and equipment across the Military Health System.

To support the transition away from service-specific processes to one functional capability, the DHA required a center of excellence (CyberLog) to unify cybersecurity efforts for medical devices and equipment across the entire Military Health System enterprise. This included coordinating the transition of DHA medical logistics and the medical device Risk Management Framework (RMF) program.

TIAG was brought in to plan, implement, and sustain medical device and equipment security across the Military Health System enterprise with a goal of standardizing decision-making across the enterprise. We helped the DHA create large-impact solutions, gain natural efficiencies, increase visibility and enterprise management, and align to the data by establishing functional virtual authorization boundaries and assessing and incorporating enterprise authorizations. TIAG worked collaboratively with DHA to develop a rigorous “cradle to grave” Risk Management Framework (RMF)-based assessment process that provided full lifecycle cybersecurity services for medical devices across the DHA enterprise. We advised on the efficiency, effectiveness, and performance of security controls for medical devices and assisted the DHA’s medical device vendors to produce evidentiary materials that met or exceeded DoD IT auditing standards.

Our innovative solutions successfully stood up the DHA CyberLOG and were some of the first of their kind in the DoD. The interoperability provided through CyberLOG allows health care providers across the military health system to treat patients and improve outcomes while also mitigating the risk of cybersecurity threats.