The Naval Surface Warfare Center Dahlgren Division (NSWCDD) has achieved full compliance status for 49 Risk Management Framework Security Authorization Packages involving warfare systems it developed for the U.S. Navy.
NSWCDD said its assessment and authorization personnel received authorization to operate for all systems with security controls documentation submitted over a two-year period.
The group works with development teams to remediate and mitigate vulnerabilities identified in the presented systems to obtain clearance at the warfighter level from Naval Sea Systems Command or U.S. Fleet Cyber Command.
"When any of the departments submit a package, we review all elements and provide them with feedback on fixes to execute … making sure that vulnerabilities and high-risk items are closed out before we submit the package to NAVSEA," said Barney Mahaney, lead for the NSWCDD's cybersecurity and compliance branch A&A team.
His team holds designation as a Trusted Package Submitting Office for the Security Control Assessor Liaison for NAVSEA. Mahaney noted that the TPSO review process allows security packages to bypass conventional compliance reviews and cuts down the authorization period by one to two months.