TDI helped secure JSF’s enterprise, providing Certification and Accreditation management, security operations, and security consulting.
TDI provided a suite of information assurance (IA) services to the Joint Strike Fighter (JSF) Program Office to secure JSF’s enterprise of fourteen classified and unclassified networks. Our support included Certification and Accreditation (C&A) management, security operations, and security consulting.
We developed C&A documentation that follows DoD Information Assurance Security Certification and Accreditation Process (DIACAP) requirements. We worked with system stakeholders to collect information from the various remote offices around the nation. TDI performed site visits to interview, update, inform, and verify site profile information with site security officers and system stakeholders. Throughout the process, TDI served as the IA liaison by offering regulatory guidance for C&A, including advice on how to adhere to DoD as well as national and organizational security requirements such as FISMA, The Privacy Act of 1974, and OMB Circular A-130.
TDI was also responsible for continuously maintaining the accreditation of the SIPRNet network through the Connection Approval Process (CAP) within the JSF program. We completed the entire DIACAP process using the System Identification Profile (SIP), DIACAP Implementation Plan (DIP), the DIACAP Scorecard, the System Security Plan (SSP), and the Plan of Action and Milestones. TDI also secured critical infrastructure components and endpoints by implementing configurations according to applicable Security Technical Implementation Guides (STIGs), and by remediating vulnerabilities that were identified in vulnerability scans.
TDI was also responsible for policy compliance, internal policy development, and strategic planning for the Information Technology Division. TDI designed Business Continuity and Disaster Recovery Plans for JSF, developing security record keeping procedures and program impact analyses. We monitored DoD compliance notices issued by United States Cyber Command and ensured that security patches, Communication Tasking Orders and Warning Orders were implemented in a timely fashion.
TDI performed Information Assurance Officer (IAO) duties within the classified vault space for Top Secret Special Access Programs (SAP), which included the following duties: developed the Certification and Accreditation Plans for both the collateral and Top Secret networks; ensured that systems were operated, maintained and disposed of in accordance with internal security policies and practices as outlined in the SSP; and ensured that all users had requisite security clearances, authorization, and need-to-know, and were aware of their security responsibilities before access was granted. TDI formally notified the Information Assurance Manager (IAM) and Designated Approval Authority (DAA) when changes occurred that might affect the accreditation. We also reported any security-related incidents or violations, and notified management of any change in a system’s intelligence and SAP level information. TDI also ensured that IA requirements were addressed during all phases of the system life cycle and authorized software, hardware and firmware use before implementation on any of the classified systems.
Our team also served as JSF’s primary contact for the U.S. Air Force Information Warfare Center’s (AFIWC) Automated Security Incident Monitor (ASIM), the Air Force’s 24 hour/7 day per week worldwide intrusion detection tool. Communications were maintained frequently, ensuring prompt responses to reported security incidents. We developed configurations and Automated Information System Security Plans (AISSPs) for network and standalone classified processing systems from Secret/Collateral to Top Secret/Special Access Required (TS/SAR). We ensured that the security architecture of the network complied with stringent national computer security requirements.
TDI’s implementation and management of cryptologic technologies significantly increased the security of data transmitted on the JSF networks. TDI implemented the Joint Strike Fighter (JSF) Program Public Key Infrastructure (PKI) to organize and manage individual encryption keys to securely transmit For Official Use Only (FOUO) information across public networks. TDI validated users’ identities, tracked PKI certificate expirations, and revoked certificates per JSF policy. We applied our knowledge of Federal Information Processing Standard (FIPS) 201: Personal Identity Verification of Federal Employees and Contractors, National Institute of Standards and Technology (NIST) Special Publication (SP) 800-32: Introduction to Public Key Technology and the Federal PKI Infrastructure, NIST SP 800-73: Interfaces for Personal Identity Verification, and Homeland Security Presidential Directive (HSPD)-12 PIV-1 security controls. Incorporating these and various other standards, TDI ensured the security architecture of the JSF network complied with stringent national computer security requirements.
TDI also secured web applications. We installed VeriSign certificates (PKI security key) for the Flight Clearance application and helped to export/import VeriSign keys for the Flight Test Status Report. As the COMSEC custodian, we ordered, controlled, and installed all encryption key material. TDI managed Intelligence Community PKI tokens within JSF and was responsible for the security design review and corrections of a security vault build. We wrote the User Instructional Guide for the Security System, Flight Clearance, and Suspense Tracking Applications. Finally, we wrote technical advisory White Papers, such as one to recommend encryption and its usage on Personal Digital Assistants program-wide.
Our successful efforts led to TDI becoming the central point of reference for all cyber security related matters at JSF. At various times throughout the performance period, TDI personnel received commendations from the JSF PM and Deputy PM. TDI’s performance was praised (July of 2008) by our customer, who indicated “what a great job [TDI employee] is doing for the Information Assurance team at Joint Strike Fighter”. He added: “My hat’s off to [TDI Employee] and the rest of the TDI team for creating such a higher standard within the IA Industry.”