Cybersecurity is no longer just about checking off boxes for compliance; rather, the increased threat landscape and looming budget cuts demand a mature, efficient, and effective security process. To meet this goal, ARRAY maintains a corporate ISO 27001 certification that recognizes ARRAY as having a certified Information Security Management System (ISMS). Using DoD Directive 8140.01 certified personnel, our IA process is initiated with a Site Survey that includes an assessment of the current documentation to determine compliance with DIARMF standards. The critical component is the System Security Plan that outlines the process for integrating cybersecurity controls.
ARRAY runs security tests as a routine part of our software development process and User Acceptance Testing (UAT). We develop internal plans and schedules for vulnerability management. We provide static and dynamic security test scans of system vulnerabilities, such as SQL injection and cross-site scripting, and all vulnerabilities in the Open Web Application Security Project (OWASP) Top 10. We also run dynamic security test scans and probes prior to code delivery to detect and remediate security vulnerabilities in accordance with each organization’s processes and security policies.
Team ARRAY supports our clients by taking necessary actions to resolve issues detected during Security Scans conducted in the Development and Integration environments. We ensure the security and integrity of each application by scanning source code in the development environment to mitigate vulnerabilities associated with SQL injections, cross-site scripting, and buffer overflows.
Systems Certification and Accreditation
ARRAY supports our clients in preparation for Assessment and Authorization (A&A) including writing documentation and participating in system security testing activities during A&A cycles. We provide A&A support to clients on many of the IT systems we maintain, using certified personnel whose responsibilities require compliance with DoD Directive 8140.01. We evaluate each system design change proposal or recommendation for its impact on system security and ensure that each proposal or recommendation includes documentation sufficient to support amending the security controls.
ARRAY's Air Force and DoD Cybersecurity Experience
- Integrated Cybersecurity principles and engineering practices into the rehosting and sustainment of AF Integrated Budget Documentation and Execution Support (IDECS) to DISA milCloud.
- Modernized and migrated the Air Force (AF) Maintenance Scheduling Module (MSM) from an insecure Microsoft Access Database to a secure web application hosted in DISA capacity services.
- Established an Assess Only approach to the Risk Management Framework (RMF) for the Contract Repair Management System (CRMS), significantly reducing cost and schedule to the Program Management Office as well as the office of the Authorizing Official.
- Integrated effective cybersecurity engineering, development, and test into the Deliberate and Crisis Action Planning and Execution Segments (DCAPES) system engineering process resulting in the delivery of releases which enhance the overall security posture of the system.