The Client

A Department of Defense (DoD) working-capital funded organization employs approximately 1,745 civilian engineers, scientists, technicians, and support personnel. The command has more than 100 laboratories and test sites focused on full-spectrum machinery systems support, commonality, and cybersecurity.

The Challenge

When the client evolved from a subordinate command to an independent division they needed to establish a new, independent IT infrastructure, execute a command-wide technology refresh project, migrate over a dozen management applications and terabytes of data, develop customized cybersecurity policies that conform to the DoD’s new Risk Management Framework (RMF) certification requirements, and attain Authorization to Operate (ATO) for more than 50 command information systems – all before the Inspector General (IG) conducted a command-wide inspection in 12 months.

The Solution

To meet the complex array of requirements on such a short timeline, Herren Associates brought together a cross-functional team of cybersecurity subject matter experts (SMEs), policy executives, network security analysts, business/program analysts, and software engineers. Their mission was to ensure that the client would pass the IG inspection in one year’s time. To succeed in this undertaking, Herren drew on nearly 30 years of experience helping federal agencies make better decisions by delivering actionable, data-driven insights.

Herren’s team helped the client’s IT division streamline their processes to focus on outcomes, not outputs, and to adapt resources at hand to meet the command’s shifting priorities. IT Project Managers provided the expertise needed to manage an effort of this magnitude and complexity, ensuring all the technical and administrative tasks required to pass the IG inspection were completed on time. Policy executives and Cybersecurity SMEs drafted command-level policies and procedures, which included managing the review and approval process. Business and program analysts provided logistics support managing information technology procurement requests, system authorization access requests, and the command-wide technology refresh project. Program analysts provided analytic support to assess and track cybersecurity workforce certification requirements for the entire command. Herren network security engineers installed and configured servers, firewalls, routers, and other hardware devices, while the team’s software engineers developed a variety of management applications. Cybersecurity SMEs updated legacy Defense Information Assurance Certification and Approval Process (DIACAP) Certification and Accreditation (C&A) packages and developed RMF Assessment and Authorization (A&A) packages to meet ATO requirements.

The Result

The client passed the IG inspection and is well on its way to becoming a model division within the DoD. From office processes to cyber defense, Herren led the way to mission success.

  • Published all 14 high-priority and six of eight medium-priority policies before the IG inspection
  • Redesigned the policy development and approval process
  • Redesigned the information technology procurement request process
  • Redesigned the vulnerability scanning and analysis process
  • Discovered and fixed over 10 new network security issues for the core infrastructure deployment (hardware and software)
  • Migrated 16 applications and terabytes of data
  • Submitted 15+ RMF assessment and authorization packages
  • Updated 50+ DIACAP certification and accreditation packages
  • Performed vulnerability scans and analyses for 50+ information systems
  • Documented the security boundaries for all 100+ laboratory environments
  • Resolved multiple security incidents as part of the incident response team

Public-sector executives need expert partners who bring complexity into focus with actionable insights – and deliver maximum value. Herren has been helping leaders make better decisions since 1989. We optimize investments, manage transformational change, and shake up the status quo in our determination to maximize the value of every dollar spent. Our value-driven approach is built on everyday collaboration with clients and business partners. We work side by side with leaders and make their mission, our mission. To learn more about Herren Associates, please visit us at


“[Herren’s] thorough knowledge of AEGIS cost data, tireless effort, and timely delivery helped the AMDR
program maintain schedule… please accept my deepest appreciation for your outstanding support.”