Information Technology

The NIST Risk Management Framework (RMF) describes the process for identifying, implementing, assessing, and managing cybersecurity capabilities and services, expressed as security controls, and authorizing the operation of Information Systems (IS) and Platform Information Technology (PIT) systems. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP). Definition: The Risk Management Framework (RMF) brings […]

The Cybersecurity Strategy is a required acquisition program document (per DoD Instruction 5000.02 and Clinger-Cohen Act) that details how a program will ensure that an Information Technology system can protect and defend itself from a cyber attack.  The strategy is created and maintained by the Program Office and appended to the Program Protection Plan (PPP). It’s required for

The Department of Defense (DoD) Business Enterprise Architecture (BEA) is the enterprise architecture for the DoD Business Mission Area (BMA). The purpose of the BEA is to provide a blueprint for DoD business transformation that helps ensure the right capabilities, resources, and materiel are rapidly delivered to the military – what they need, when they

Cloud computing is a recently evolved computing terminology or metaphor based on utility and consumption of computing resources. Cloud computing involves deploying groups of remote servers and software networks that allow centralized data storage and online access to computer services or resources. “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to

The Bandwidth Requirements Review (BRR) is a requirement for all Information Technology (IT) programs to ensure the bandwidth capacities and capabilities needed to support the program are available or will be available, and how they will be met. The bandwidth requirements review is normally conducted as part of the review of the Information Support Plan

A Reference Architecture guides and constrains the development of Solution Architectures. There may be multiple Reference Architectures within a subject area where each represents a different emphasis or viewpoint. They can be defined at many levels of detail and abstraction (from specific to generalized) and for many different purposes. They help provide: [1] A common

Net-Centric Operations refers to participating as a part of a complex community of people, devices, information, and services interconnected by a communications network to optimize resource management and provide superior information on events and conditions needed to empower decision-makers. The Net-Centricity concept is the realization of a networked environment, including infrastructure, systems, processes, and people,

The Net-Ready Key Performance Parameter (NR-KPP) assesses the net-ready attributes required for both the technical exchange of information and the end-to-end operational effectiveness of that exchange. It evaluates information needs, information timeliness, Information Assurance (IA), and net-ready attributes. It’s rquirements are summarized in the NR-KPP Checklist. Checklist: Net-Ready Key Performance Parameter Guidebook: Navy Net-Ready Key

The following checklist from the Defense Acquisition Guidebook (DAG) summarizes the requirements for demonstrating compliance with the Net-Ready Key Performance Parameter (KPP) and should be useful in preparing for milestone approvals. Checklist: Net-Ready KPP Compliance Guidebook: Navy Net-Ready Key Performance Parameter Guidebook – 30 Sept 2011 Required Documents: Applicable Integrated Architecture Products, AV-1, OV-2, OV-4,

  Linux is a Unix-like computer Operating System (or OS) that uses the Linux kernel which is developed under open-source software. Linux started out as a personal computer system used by individuals, and has since gained the support of several large corporations, such as Sun Microsystems, HP and IBM. It is now used mostly as

The DoD Net-Centric Data Strategy provides the basis for implementing and sharing data in a net-centric environment. It describes the requirements for inputting and sharing data, metadata, and forming dynamic communities to share data. Program Managers (PMs) and Sponsors/Domain Owners should comply with the explicit requirements and the intent of this strategy, which is to

Mission Assurance Category (MAC) is applicable to Department of Defense (DoD) information systems and reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighters’ combat mission. Mission assurance categories are primarily used to determine the requirements for availability and integrity. Definition: Mission Assurance is a term primarily used

Information Technology (IT) Maintenance refers to the processes needed to sustain an IT product throughout its operational life cycle. Modifications to the IT product are logged and tracked, an impact analysis performed, code and other parts of the IT system are modified, testing is performed, and a new version of the IT product is released.

Information Support Plan (ISP) Analysis is concerned with analyzing a program’s information needs and dependencies. This analysis must be considered in the context of the process that is critical to the capability being completed by the system. It examines the critical mission threads associated with a program and compares the operational architecture views to the

The Information Technology Acquisition Board (ITAB) is the decision forum for Milestone review of Acquisition Category (ACAT) IAM programs. The ITAB contributes strategic-level insight for net-centric, Global Information Grid (GIG), and Information Technology issues when they cannot be resolved at the Overarching Integrated Product Team (OIPT) level. The ITAB facilitates execution of the Milestone Decision

Information Resources Management (IRM) is the process of managing information resources to accomplish agency missions and improve agency performance, including reducing information collection burdens on the public. When standardized and controlled, these resources can be shared and reused throughout an agency, not just by a single user or application. [1] Definition: Information Resource Management (IRM)

Information Superiority is the operational advantage derived from the ability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same. The Department of Defense (DoD) strategic vision for the 21st century is to ensure that U.S. forces have information superiority in every mission area

The Information Technology (IT) infrastructure of the DoD is the Global Information Grid (GIG). The GIG is the Department’s globally interconnected end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policymakers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software

Every acquisition program should include language in their Request for Proposal (RFP) that addresses Cybersecurity requirements for a contractor. These requirements should be clearly and unambiguously articulated to potential offerors and what is expected from them in terms of compliance and performance. Below is a sample/explanation of Cybersecurity RFP Content that was obtained from the Defense

A DoD program should address Information Assurance (IA) in their Acquisition Strategy if they acquire Information Technology (IT) services by a contractor. The focus should be to ensure IA is implemented in the design, development, test, and production of the system being developed. In the case of an acquisition of IT services, the IA considerations

Electronic Data Interchange (EDI) is the exchange of standardized information between business partners typically communicated electronically between computers. It is used to transfer electronic documents or business data from one computer system to another computer system. EDI also is used within individual organizations that want to transfer data between different divisions or departments, including finance,

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from GSA, NIST, DHS, DoD, NSA, OMB, the Federal CIO Council and its working

Note: The DoD Metadata Registry has been replaced by the DoD Data Services Environment (DSE). The Department of Defense (DoD) Data Services Environment (DSE) is managed by the Defense Information Systems Agency (DISA). The DSE provides a single location to DoD data source directories to improve search, access, consistency, and integration of data services as well

NetOps is defined as the DoD-wide operational, organizational, and technical capabilities for operating and defending the Global Information Grid (GIG). NetOps includes, but is not limited to, enterprise management, net assurance, and content management. The role of NetOps in Net-Centric Operations is to enable the GIG to provide users at all levels and in all

DoD Information Technology (IT) Portfolio Repository (DITPR) contains a comprehensive unclassified inventory of the DoD’s mission-critical and mission-essential Information technology systems and their interfaces. It contains basic overview information regarding all DoD IT systems, including;  system names, acronyms, descriptions, sponsoring components, approval authority, points of contact, and other basic information required to analyze DoD inventory, portfolios,