2017 CTMA INTEGRATED PROJECT BRIEF: GLIS/CYBER SECURITY RISK MANAGEMENT FRAMEWORK
Background: Modernizing USMC LOG IT
• Original ERP Path had 9 Increments
• Everything to be in the Oracle E-Business Suite
• Under the ACAT IAM program
• Reality of ERP Fielding
• ERP implementation replete with Cost/Schedule Breaches and Capability Gaps
• 9 Years for Increment 1
• The ‘Road to Rome’ became the ‘Rape of Nanking’
• Drives PM to madness…and Innovation
• Seeking a better way
Development of Operational Transition Procedures & Sustainment Analysis for Global Logistics Integration System (GLIS) Supply & Maintenance Functions – Phase IV
Problem Statement
Enterprise Resource Planning (ERP) implementations as well as those developed specifically for the Department of Defense (DoD) have proven to be challenging at best in delivering a required Portfolio Solution in the replacement and modernization of industry and DoD business systems.
• While many ERPs can be an effective logistics management system, their actual implementation has created several challenges for the end users. Specific Problems & Challenges follow for the USMC effort:
– A thorough understanding of the ERP system is lacking across the user base especially in relation to the deployment of units.
– Full utilization of the system and the ability to properly configure units for deployment have led to great inaccuracies in accountability, auditability, and readiness.
– Addressing the training shortfalls and lack of understanding of a new GLIS remains a prime component needed for successful implementation of the ERP.
– The requirement of training a robust workforce along with implementing a completely new approach to maintenance and logistics processes while not degrading operations -- Key in expeditionary environments.
– Linking supply and maintenance functions in a congruous manner for effective resource utilization.
– Records tracking maintenance activities have been insufficient, underwriting poor lifecycle management of equipment which degrades industry’s ability to forecast and manufacture equipment and material.
– Better forecasting and utilization measurement for deploying units are needed for the limited storage space and resupply capabilities of deployed units.
Technical Approach • Continued enhanced education and training is a primary effort that underwrites improved system performance and future quality rollouts. Coupled with this are the other actions including capture of system deficiencies and building of solutions and modifications; reports and analysis of best business practices; and preparation for and evaluation and refinement of ERP upgrade rollouts as well as additional increments to include deployable solutions. Refining these elements will be critical in order to achieve the highest level of safety for the majority of products produced and ultimately sold to the public. The use of specialized training and development of lessons learned will be paramount to the success of the ERP. The overall objective of GLIS is to explore, develop, and demonstrate improved implementation actions, processes, and procedures in order to increase the accuracy, auditability, efficiency and effectiveness of the supply chain and maintenance functions through knowledge management and general logistical and technical analysis, solution development, and implementation. These efforts are expected to result in the identification and correction of deficiencies in Material Management, Equipment Accountability/Visibility, Distribution Visibility, Fiduciary Accountability and Auditability, User Functionality, and Material Readiness. Special areas of focus will be on reporting and financial compliance activities, accuracy of records, and ability to forecast and project maintenance and supply capabilities, material inventories, and utilization of personnel and assets.
Overall Benefits

Benefits to the Public and Industry:
• Capturing successful training techniques that address software lifecycle management requirements shared with industry and can be utilized in the implementation of ERPs in support of multi-echelon, multi-party Supply Chain Management deployments.
• Obtaining an optimal model for design, development, and testing of an ERP that is fully useable in both the public and private sector.
• Providing a reasonable solution for industry on how best to obtain supply chain information such as maintenance and readiness data. This will ultimately help reduce redundancy and streamline logistical support along with producing usable data, further improving products and services availability at best cost.
• Providing the ability to leverage successful software development and implementation through lessons learned and technical and procedural innovations.
• The Marine Corps learns from industry using best practices to better account for its equipment based on operational user observations and suggestions with an emphasis on understanding total ownership costs.
• Offering an enhanced ability to plan, forecast, and execute the manufacture and distribution of key equipment and material through an OEM’s supply chain with improved inventory accuracy.

Benefits to Government:
• Results in more effective and timely preventive and corrective maintenance execution and reduced rebuild turnaround time for equipment with a potential savings.
• Reduction in costs due to a more efficient maintenance pipeline.
• Increased asset readiness with respect to maintenance, readiness, and equipment availability and allocation.
• Increased visibility of supply status and availability of resources.
• Improved maintenance, supply, and asset tracking/accountability.
• Improved efficiency and effectiveness of users within the system.
• Significant decreased lifecycle cost of equipment through a reduction in man-hours for management of assets
• Supports attainment of “Public Clean” Audit as congressionally mandated.
• Improved processes and procedures by combating “ERP shock” through enhanced training, better liaison with users, and advocacy for the system resulting in a package that best mitigates the hazards of ERP implementation.
Technology Deployment • All Marine Corps Operating Forces & Supporting Establishment Command are using GCSS MC LCM 1.1 • Deployed Globally
Project Team Participants • Headquarters Marine Corps, DC I&L (LPV, LPC) • Marine Corps Logistics Command • Marine Corps Systems Command • National Center for Manufacturing Sciences • Anglicotech, LLC
CYBER SECURITY AND RISK MANAGEMENT FRAMEWORK PROJECT
Problem Statement
• Department of Defense (DoD) systems have become increasingly networked, software intensive, and dependent on a complicated global supply chain, which has increased the importance of security as a systems engineering design consideration. In response to these conditions and environment, the DoD has established Program Protection/System Security Engineering as a key discipline to protect technology, components, and information from compromise through the cost-effective application of countermeasures to mitigate risks posed by threats and vulnerabilities.
• The analysis, decisions, and plans of Acquisition Programs are documented in a Program Protection Plan, which is updated prior to every Milestone decision. DoD systems incorporate an extensive amount of software, and therefore defense programs must conduct early planning to impose software assurance countermeasures to counter adversarial threats that may target vulnerable software.
• Programs must ensure systems are securely supplied, designed, and tested to ensure mission success and to protect critical functions, associated components, and critical program information (CPI). Of particular interest are protection and assurance activities undertaken during the integration and development of commercial off-the-shelf (COTS) components; activities designed to mitigate attacks against the operational system (the fielded system); and activities that address threats to the development environment.
HOW TO DO THIS IN DOD OR PUBLIC SECTOR – ADHERE TO RMF ENGINEERING BUT OPTIMIZE INDUSTRY ADVANCEMENTS IN SOFTWARE DEVELOPMENT (E.G. PAAS)
Technical Approach
• The Contractor will support a major review of all systems, applications, environments in the GCSS MC Portfolio to include a continued institutionalization of the Risk Management Framework (RMF) assessment as a component requirement of Systems Engineering Technical Review (SETR) documentation within all systems in production and all pending and future developmental efforts.
• Continue RMF Security Plan assessments and analysis from the current Commercial Technologies for Maintenance Activities (CTMA) project with PaaS vendors and integrators implementing Class V Ground Ammunition OIS Retail Tactical roll out and support any ongoing Industry Software Environment (incorporating the RMF into the SDLC) and Development Assessments to include Architecture and Infrastructure
• Assist the GCSS MC PMO IA Team with a full integration of RMF into the Software Development Life Cycle (SDLC) and a full programmatic implementation to comply with DoD, DON Policy and procedures as required by the below references:
– NIST SP 800-37r1 – Guide for Applying the Risk Management Framework to Federal Information Systems
– NIST SP 800-39 – Managing Information Security Risk: Organization, Mission and Information System View
– FISMA
– OMB Circular A-130, Appendix III