Agency Facilitates Cyber Risk Assessments
Mission partners receive help with compliance.
The Defense Information Systems Agency (DISA) now offers service product packages to mission-partner authorizing officials to provide a holistic view of their information systems risk posture. The packages help ensure compliance for mission partners who have programs and systems hosted within the DISA computing ecosystem.
Control Correlation Identifiers (CCIs) within the service packages allow high-level policy framework requirements to be decomposed and associated with low-level security settings to determine compliance with the objectives of that specific security control.
“We are providing mission partners options based on their requirements and elected services. We are also saving mission partners time and resources by leveraging our tested, validated and compliant CCIs,” explains Stephanie Watt, chief of the cyber controls section, Computing Ecosystem’s Cyber Services Line of Business, in a DISA statement.
For example, mission partners on virtual operating environments have an option to select Service Package 4 or 5, which is “secure at will.” This enables DISA to make changes based on mission partner-directed configurations and gives it the ability to secure at will without mission partner approval. The agency will adhere to the change management process and make changes during the scheduled monthly maintenance downtime.
The service product packages are in addition to the services the mission partner inherits from the DISA Data Center and Enterprise Infrastructure Backbone Network Risk Management Framework (RMF) packages. The agency also created packages to provide a foundation for mission partners to share, inherit and operate within the RMF.
Mission partners can initiate the inheritance process by submitting an RMF requirements form via email to the DISA Computing Ecosystem Cyber Services Line of Business. Once the form is validated, mission partners will request and receive inheritance via the Enterprise Mission Assurance Support Service, a web-based application that automates the RMF process.
For more information about the RMF or the service product packages, please visit DISA’s Risk Management Framework customer portal. Common Access Card required.