Mission assurance

Mission Assurance is a full life-cycle engineering process to identify and mitigate design, production, test, and field support deficiencies threatening mission success.

Aspects of Mission Assurance

Mission Assurance includes the disciplined application of system engineering, risk management, quality, and management principles to achieve success of a design, development, testing, deployment, and operations process. Mission Assurance's ideal is achieving 100% customer success every time. Mission Assurance reaches across the enterprise, supply base, business partners, and customer base to enable customer success. [1]

The ultimate goal of Mission Assurance is to create a state of resilience that supports the continuation of an agency's critical business processes and protects its employees, assets, services, and functions. Mission Assurance addresses risks in a uniform and systematic manner across the entire enterprise. [2]

Mission Assurance is an emerging cross-functional discipline that demands its contributors (project management, governance, system architecture, design, development, integration, testing, and operations) provide and guarantee their combined performance in use. [3]

The United States Department of Defense 8500-series of policies has three defined mission assurance categories that form the basis for availability and integrity requirements. [4] [5] A Mission Assurance Category (MAC) is assigned to all DoD systems. [6] It reflects the importance of an information system for the successful completion of a DoD mission. It also determines the requirements for availability and integrity.

NASA's Process Based Mission Assurance Knowledge Based System is an implementation of Mission Assurance that provides "quick and easy access to critical Safety & Mission Assurance data... across all NASA programs and projects." [7]

Related Research Articles

Configuration management: Process for maintaining consistency of a product's attributes with its design

Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. The CM process is widely used by military engineering organizations to manage changes throughout the system lifecycle of complex systems, such as weapon systems, military vehicles, and information systems. Outside the military, the CM process is also used with IT service management as defined by ITIL, and with other domain models in the civil engineering and other industrial engineering segments such as roads, bridges, canals, dams, and buildings.

Safety-critical system: System whose failure would be serious

A safety-critical system or life-critical system is a system whose failure or malfunction may result in one of the following outcomes:

United States Transportation Command: Unified combatant command of the United States Armed Forces

The United States Transportation Command (USTRANSCOM) is one of the eleven unified commands of the United States Department of Defense. In both times of peace and war, USTRANSCOM's role is to provide the Department of Defense with air, land, and sea transportation. USTRANSCOM was founded in 1987 and is based at Scott Air Force Base in Illinois.

Federal Information Security Management Act of 2002: United States federal law

The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

Global Information Grid: Communications project of the United States Department of Defense

The Global Information Grid (GIG) is a network of information transmission and processing maintained by the United States Department of Defense. More descriptively, it is a worldwide network of information transmission, of associated processes, and of personnel serving to collect, process, safeguard, transmit, and manage this information. It is an all-encompassing communications project of the United States Department of Defense. The GIG makes this information immediately available to military personnel, to those responsible for military politics, and to support personnel. It includes all infrastructure, bought or loaned, of communications, electronics, informatics, and security. It is the most visible manifestation of network-centric warfare. It is the combination of technology and human activity that enables warfighters to access information on demand.

The Defense Information System Network (DISN) has been the United States Department of Defense's enterprise telecommunications network for providing data, video, and voice services for 40 years.

U.S. critical infrastructure protection

In the U.S., critical infrastructure protection (CIP) is a concept that relates to the preparedness and response to serious incidents that involve the critical infrastructure of a region or the nation. The American Presidential directive PDD-63 of May 1998 set up a national program of "Critical Infrastructure Protection". In 2014 the NIST Cybersecurity Framework was published after further presidential directives.

Operational risk management (ORM) is defined as a continual recurring process that includes risk assessment, risk decision making, and the implementation of risk controls, resulting in the acceptance, mitigation, or avoidance of risk.

Internal audit: Independent, objective assurance and consulting activity

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. IA encompasses both digital protections and physical techniques. These methods apply to data in transit, both physical and electronic forms, as well as data at rest. IA is best thought of as a superset of information security, and as the business outcome of information risk management.

Marine Corps Systems Command: Acquisition command of the United States Marine Corps

The Marine Corps Systems Command (MCSC) is the acquisition command of the United States Marine Corps, made up of Marines, sailors, civilians and contractors. As the only systems command in the Marine Corps, MCSC serves as Head of Contracting Authority and exercises technical authority for all Marine Corps ground weapon and information technology programs. MCSC is headquartered at Marine Corps Base Quantico.

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a deprecated United States Department of Defense (DoD) process meant to ensure companies and organizations applied risk management to information systems (IS). DIACAP defined a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS which maintained the information assurance (IA) posture throughout the system's life cycle.

Capability management is a high-level management function, with particular application in the context of defense.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

Committee on National Security Systems: US intergovernmental organization

The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policies for the security of the US security systems. The CIA triad comprises the three main security goals of CNSS.

In the United States military integrated acquisition lifecycle, the Technical section has multiple acquisition "Technical Reviews". Technical reviews and audits assist the acquisition, and their number and types are tailored to the acquisition. Overall guidance flows from the Defense Acquisition Guidebook chapter 4, with local details further defined by the review organizations. Typical topics examined include adequacy of program/contract metrics, proper staffing, risks, budget, and schedule.

Trusted Computer System Evaluation Criteria

Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information.

The Analysis of Alternatives (AoA) in the United States is a requirement of military acquisition policy, as controlled by the Office of Management and Budget (OMB) and the United States Department of Defense (DoD). It ensures that at least three feasible alternatives are analyzed prior to making costly investment decisions. The AoA establishes and benchmarks metrics for Cost, Schedule, Performance (CSP) and Risk (CSPR) depending on military "needs" derived from the Joint Capabilities Integration Development System process. It moves away from employing a single acquisition source to the exploration of multiple alternatives so agencies have a basis for funding the best possible projects in a rational, defensible manner considering risk and uncertainty.

IT risk management

IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.:

Assured Compliance Assessment Solution (ACAS) is a software set of information security tools used for vulnerability scanning and risk assessment by agencies of the United States Department of Defense (DoD). It performs automated vulnerability scanning and device configuration assessment. ACAS was implemented by the DoD in 2012, with contracts awarded to Tenable, Inc. (then known as Tenable Network Security) and Hewlett Packard Enterprise Services to improve cybersecurity within the DoD. It is mandated by regulations for all DoD agencies and is deployed via download. Part of the ACAS software monitors passive network traffic, new network hosts, and applications that are vulnerable to compromise. It also generates required reports and data that are remotely accessible, with a centralized console, and is Security Content Automation Protocol (SCAP) compliant. The Defense Information Systems Agency's Cyber Development (CD) provides program management and support in the deployment of ACAS. The Army's Systems Engineering and Integration Directorate said in 2016 that ACAS gives the Army "a clear, specific and timely picture of cyber vulnerabilities and how they are being addressed. Not only does the technology streamline processes at the operator level, it also enables broader goals such as the Cybersecurity Scorecard and automated patching for improved mission assurance."

References

  1. "Mission Assurance - Gov't Needs To Manage Risk Differently in Face of New Operating Realities". Booz Allen Hamilton Inc, 8 Mar 04. Archived from the original on September 29, 2008. Retrieved 2009-09-04.
  2. "The Role of CMMI in Mission Assurance" (PDF). John Grimm, Vice President of Engineering, Raytheon Intelligence and Information Systems, 16 Nov 04. Archived from the original (PDF) on May 27, 2006. Retrieved 2009-09-04.
  3. "The Need for Mission Assurance" (PDF). Rahul Gupta, PRTM, 2006. Retrieved 2009-09-04.
  4. "Information Assurance Mission Assurance Category and Confidentiality Level" (PDF). Department of Defense. Archived from the original (PDF) on 2011-07-22. Retrieved 2009-09-04.
  5. "DoD Instruction 8500.2, Information Assurance (IA) Implementation, 2/6/2003" (PDF). Department of Defense. Archived from the original (PDF) on 2009-11-22. Retrieved 2010-03-06.
  6. "DIACAP Overview". Department of Defense. Archived from the original on 2009-02-01. Retrieved 2011-03-09.
  7. "Process Based Mission Assurance Knowledge Based System". NASA. Archived from the original on July 30, 2009. Retrieved 2009-09-04.