Rivera Group Transitions CECOM SEC from DIACAP to RMF
The Challenge
The U.S. Army Communications-Electronics Command Software Engineering Center (CECOM SEC) provides, integrates, and sustains the Army's Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) systems, which deliver information advantage to the warfighter around the globe, and must have adaptive, defense-in-depth security postures.
CECOM SEC was mandated by the Federal Government to transition all four operation locations from the DoD Information Assurance Certification & Accreditation (DICAP) to the secure Risk Management Framework (RMF) process within a short deadline. CECOM SEC was working with outdated documentation, which put them behind schedule of meeting the new security compliance regulations.
To successfully and timely transition, CECOM SEC required Rivera Group's agility, expertise, and in-depth knowledge of DoD cybersecurity and experience in innovating under pressure to meet an aggressive program schedule on a short-suspension contract.
Learn how CECOM SEC made a successful transition from DIACAP to RMF with a $6M cost savings.
Don’t worry, we hate spam too. We won’t share your details with anyone.
The Solution
Rivera Group's cybersecurity team spread across four geographically-dispersed locations to fulfill CECOM SEC RMF requirements. Rivera Group formulated a lean approach to communication and collaboration which streamlined focus on meeting customer requirements and expediting resources to all four sites.
Our team exceeded customer expectations and pioneered innovative documentation templates to meet the expedited completion of the RMF transition. These templates were tailored to the client's RMF compliance reporting to deliver accelerated Authorizations to Operate (ATOs). In only 18 months, Rivera Group achieved ATOs for nine systems and placed another nine systems under continuous monitoring plans.
Rivera Group also provided expert guidance and support to CECOM SEC throughout the six-step RMF process. Our team performed automated scans and manual checks of systems, which allowed CECOM SEC personnel to complete the self-assessment process efficiently and effectively to meet the tight deadline for transitioning to RMF.
The Results
Our approach to staffing and program management, combined with the knowledge of our technical team, provided spectacular results for CECOM SEC:
- ATOs Achieved. '[Rivera Group] was instrumental in the Government obtaining ATO status for their systems undergoing the accreditation or re-accreditation process under RMF and DIACAP within a short suspense window of two weeks to one month.' – CPAR
- Mitigating Schedule Risk. When a DoD-wide SIPRNET token shortage threatened a work slowdown we implemented an 'off-line' initiative to keep the program on schedule.
- Electronic Key Management System (EKMS) Administration. In addition to rapidly transitioning the EKMS from DIACAP to RMF accreditation, our team was also called upon to provide Tier 1 system administration support to the EKMS to overcome the impact of a hiring freeze.
- Document Standardization. 'The Contractor's generation and use of documentation templates created efficiencies that created time savings for the Government. The documentation templates will eliminate the need to 'reinvent the wheel' for future systems undergoing the RMF process.' – CPAR
- Cost Elimination. 'By providing effective self-assessment services, the Contractor accomplished a cost avoidance of $6,000,000.00 by meeting an accreditation schedule and eliminating the need to renew a costly support agreement for an end of life/end of support operating system.' – CPAR