Blog: Security and Accreditation Concerns Drive Discussion
Accreditation and certification of software is a vital but time-consuming process. On Tuesday afternoon, panelists at the AFCEA SOLUTIONS symposium discussed the challenge and ongoing attempts to streamline the process. Brig. Gen. Peter F. Hoene, USAF, DISA's program executive officer for the Global Command and Control System-Joint (GCCS-J), stated that there was a need to speed accreditation and certification because the current procedure takes too much time. He noted that some units had even resorted to writing their own software, completely aware of the risks involved in using uncertified programs, because they needed the operational capability. To meet these needs, he noted that the Defense Department is taking steps to do this. He noted that it typically takes 200 days to move a software package throughout the system. DISA has developed a set of spiral initiatives designed to cut the process in half. The general explained that this allowed the GCCS-J to move from one new software release per year to four per year. Speaking from a small business perspective, Jason Pyeron, chief executive officer and chief information officer of PD, Inc. International, said that the current accreditation and certification process takes years to complete for major projects. Espousing a bottom-up approach, he advocated allowing scientists and engineers to develop the tools they need to do their work, but isolating them in computers with no network access. This separation allows work to continue, but protects networks until the software is properly vetted. Gen. Hoene noted that DISA has developed a trusted network environment, which allows users to log and tag data. He added that information assurance requirements must be built into government contracts. This allows firms to build in their security and avoids surprises and delays in the process.