The Naval Information Warfare Center Atlantic (NIWC Atlantic) has updated its assessments and authorizations procedures to implement a risk management framework to improve cybersecurity across the U.S. Navy.
The Navy said Monday that NIWC Atlantic’s Command Information Office is working with Naval Information Warfare Systems Command’s information office to implement RMF and create “entry criteria” for the validation and testing of security controls.
NIWC Atlantic seeks to maintain authorizations for cloud hosting and data center services by simplifying A&A schedules and monitoring progress in the authorization process.
Brianeisha Eure, command information systems security manager at NIWC Atlantic, said the command unit has over 50 authorization packages encompassing network and hosting support, video services, telephony and command support.
She noted that the modified procedures seek to test security controls at the A&A team level before they are inherited by other teams. Matthew Colburn, RMF lead at NIWC Atlantic, said the modified review process helped speed up validation from six months to 2.5 weeks.
The initiative also helped reduce the amount of expired software and authorization packages by 80 percent, NIWC Atlantic noted.