The overall objective of this project is to complete the technology transition of a tailored Facility-related Control System (FRCS) Designer of Record (DoR) cybersecurity requirements specification and Risk Management Framework (RMF) self-assessment toolset for use by the Department of Defense (DoD) Services in the form of delivery of Service-specified toolset(s) to Government sponsor(s). This project will support DoD stakeholders involved in the lifecycle management of the RMF process and will align the original RMF Self-Assessment Tool (R-SAT) capabilities with the DoR tool, developed by U.S. Army Corps of Engineers Engineer Research and Development Center, Construction Engineering Research Laboratory, to provide continuity for Design and Construction stakeholders and Information System Owners (ISOs) responsible for conducting FRCS RMF self-assessments. Ultimately, the enhanced capabilities of R-SAT will be transferred to one or more DoD sponsors. A technology transfer plan will also be developed to integrate R-SAT capabilities into a commercial software application, Quicx™.
This project aligns and integrates R-SAT with the DoR tool and commercially available software. This will improve energy and water resilience by providing an end-to-end means for stakeholders to manage and track the specific cybersecurity requirements. To meet the technical objectives, the proposal team will evaluate R-SAT, the DoR Tool and Quicx to design the integration, develop a plan for sustainment, and implement new capabilities. R-SAT was developed to help FRCS Information System Owners perform RMF self-assessments to identify, mitigate, and monitor cyber-security risks. The DoR tool assists FRCS ISOs in the selection of the RMF baseline controls and associated control correlation identifiers for FRCS cybersecurity design requirements. QuicxT™ is a commercial off the shelf product available to government and commercial users. It is web-based commissioning and project management software, used to manage inventory, delivery, inspection, testing, and documentation of FRCS. The R-SAT tool will be transitioned to a Government sponsor for ongoing maintenance and incorporated into Chinook Systems, Inc. web-based commercial software application, Quicx™.
The technology transfer to a government sponsor, the enhancement of the original R-SAT, and the alignment with the DoR tool and Service-specific processes will provide continuity among FRCS cybersecurity stakeholders and achieve savings in labor hours that far exceeds the anticipated cost of the project. The R-SAT and DoR Tools will be free software. The low cost of ownership to the government are to keep pace with changes to eMASS and DoD policy related to cyber security. Within the DoD, there are an estimated 2.5 million unique control systems that are used in over 300,000 buildings (each building may have 5-20 subsystems such as HVAC, lighting, fire, etc.). One of the most common barriers faced by installations in adopting new technologies is the time and cost to meet the cybersecurity requirements and obtain an authorization to operate1. Getting R-SAT into the hands of FRCS ISOs, will provide significant time-savings in developing RMF artifacts and eMASS data entry at very minimal cost to maintain Excel application(s).