The U.S. Army Engineering and Support Center, Huntsville, provides quality oversight and management of cybersecurity inventories of facility-related control systems (FRCS) including medical systems, assists multiple Department of Defense customers in obtaining an Authority To Operate (ATO) under the Risk Management Framework (RMF) requirements, and provides Continuous Monitoring Support services once the ATO is achieved.
The cybersecurity requirement has been mandated for all DoD per the Risk Management Framework standards in accordance with the DoD Instructions 8500.01 "Cybersecurity" and 8510.01 "RMF for DoD IT," both updated and released in March 2014.
The Cybersecurity Systems (CS) Project Delivery Team is made up of the Control System Cybersecurity Mandatory Center of Expertise for FRCS, Cybersecurity technical and policy experts, project managers, contract officers and contract specialists. The PDT works with the customer to define the needs and requirements of the project and ensures that the customer receives quality support from initiation through completion.
The CS program offers the following services to customers worldwide through both in-house and contract resources:
- Conducts inventories of Facility Related Control Systems (including medical facilities) that will help the customer identify their current control systems and use the data in the RMF process.
- Executes requirements for obtaining an ATO.
- Conducts site surveys to assist the customer in establishing the RMF accreditation boundary.
- Analyzes existing system(s) and recommend courses of action for meeting and maintaining compliancy with DoD standards in order to obtain and maintain an ATO under the RMF requirements.
- Works with system owners to ensure that the system owner understands the process and requirements for
- obtaining and maintaining an ATO.
- Utilizes in-house reach back support from the CS MCX, the Electronic Security System (ESS) MCX, and the Utility Monitoring & Control System (UMCS) MCX to ensure cybersecurity changes won’t negatively affect the operability of the system.
- Provides Continuous Monitoring Support Services to maintain the ATO once achieved.
- Supports customers in the development of Agency specific procedures for RMF implementation.
Huntsville’s CS Program utilizes a Professional Services Multiple Award Task Order Contract (MATOC) to solicit and award task orders for the individual or combination of services listed above. The CS Program can also utilize Architect-Engineering (AE) Services contract vehicles if necessary to complete a requirement.
The CS Program and the Cyber MCX has been successful in obtaining ATOs of control systems for various customers.
- Product Manager - Force Protection Systems, Fort Belvoir – Automated Installation Entry Version 2 System
- Defense Health Agency
- IMCOM Europe
- U.S. Army Reserves
- Missile Defense Agency
- U.S. Army Medical Command
- Assistant Chief of Staff for Installation Management
- IMCOM – Fort Leavenworth, Kansas
- Pueblo Chemical Depot, Directorate of Emergency Services
- Fort Hood, Texas, Directorate of Public Works (DPW) – Energy Management
- Fort Carson, Colorado, Directorate of Public Works owner understands the process and requirements for obtaining and maintaining an ATO.
- Colorado Army National Guard
Download the Cybersecurity Systems fact sheet (PDF) HERE.
(as of August 2021)