A Department of Defense (DoD) working-capital funded organization employs approximately 1,745 civilian engineers, scientists, technicians, and support personnel. The command has more than 100 laboratories and test sites focused on full-spectrum machinery systems support, commonality, and cybersecurity.

When the client evolved from a subordinate command to an independent division they needed to establish a new, independent IT infrastructure, execute a command-wide technology refresh project, migrate over a dozen management applications and terabytes of data, develop customized cybersecurity policies that conform to the DoD’s new Risk Management Framework (RMF) certification requirements, and attain Authorization to Operate (ATO) for more than 50 command information systems – all before the Inspector General (IG) conducted a command-wide inspection in 12 months.

To meet the complex array of requirements on such a short timeline, Herren Associates brought together a cross-functional team of cybersecurity subject matter experts (SMEs), policy executives, network security analysts, business/program analysts, and software engineers. Their mission was to ensure that the client would pass the IG inspection in one year’s time. To succeed in this undertaking, Herren drew on nearly 30 years of experience helping federal agencies make better decisions by delivering actionable, data-driven insights.

Herren’s team helped the client’s IT division streamline their processes to focus on outcomes, not outputs, and to adapt resources at hand to meet the command’s shifting priorities. IT Project Managers provided the expertise needed to manage an effort of this magnitude and complexity, ensuring all the technical and administrative tasks required to pass the IG inspection were completed on time. Policy executives and Cybersecurity SMEs drafted command-level policies and procedures, which included managing the review and approval process. Business and program analysts provided logistics support managing information technology procurement requests, system authorization access requests, and the command-wide technology refresh project. Program analysts provided analytic support to assess and track cybersecurity workforce certification requirements for the entire command. Herren network security engineers installed and configured servers, firewalls, routers, and other hardware devices, while the team’s software engineers developed a variety of management applications. Cybersecurity SMEs updated legacy Defense Information Assurance Certification and Approval Process (DIACAP) Certification and Accreditation (C&A) packages and developed RMF Assessment and Authorization (A&A) packages to meet ATO requirements.