DoD Joint Federated Assurance Center (JFAC) 2017 Update Thomas Hurt Office of the Deputy Assistant Secretary of Defense for Systems Engineering 20th Annual NDIA Systems Engineering Conference Springfield, VA October 26, 2017 Oct 26, 2017 Page-1
How Did We Get Here? LEGEND Policy & Guidance Congressional Actions Reports 2012 Two Questions for the Record 2017 Enclosure 14 -- Cybersecurity DoDI 5000.02 2000 2010 2017 2004-2006 DoD Software Assurance (SwA) Tiger Team 2011 DoD SwA Strategy FY11 NDAA, Sec. 932 2013 SwA Automation FY13 NDAA, Sec. 933 2014 Establish JFAC FY14 NDAA. Sec. 937 2017 JFAC SwA Capability Gap Analysis DSB Task Force on Cyber Supply Chain Congress and DoD have acknowledged the need for increased software assurance to improve confidence in secure and resilient weapon systems for over a decade. JFAC: Joint Federated Assurance Center Oct 26, 2017 Page-2 Distribution A Statement. Approved for public release by DOPSR. Case # 17-S-2487. 18-S-0071. Distribution is unlimited.
Joint Federated Assurance Center (JFAC) FY14 NDAA Section 937 Joint Federated Assurance Center (JFAC) Key provisions: Charter elements: Role of federation in supporting program offices provide for the establishment of a joint federation of capabilities to support the trusted defense system needs to ensure security in the software and hardware developed, acquired, maintained, and used by the Department consider whether capabilities can be met by existing centers [if gaps] shall devise a strategy [for] resources [to fill such gaps] [NLT 180 days, SECDEF shall] issue a charter submit to congressional defense committees a report on funding and management SwA and HwA expertise and capabilities of the Federation, including policies, standards, requirements, best practices contracting, training and testing R&D program to improve code vulnerability analysis and testing tools Requirements to procure manage, and distribute enterprise licenses for analysis tools Oct 26, 2017 Page-3
What Has DoD Done? Development of Concept of Operations (CONOPs) and Charter Establishment of JFAC Coordination Center (JFAC-CC), Steering Committees, Working Groups (WGs) Piloting Software Assurance (SwA) license distribution and management Conduct SwA and Hardware Assurance (HwA) Capability Gap Analysis Oct 26, 2017 Page-4
JFAC Operational Structure HwA Technical Working Group DepSecDef USD(AT&L) JFAC Steering Committee JFAC Advisory WG JFAC Coordination Center JFAC CC Portal Portal Service Providesrs Service Providers Service Providers AT&L SwA Technical Working Group CIO Army DISA Navy NSA Air Force NRO MDA DMEA DOE Policy and Technical AOs assigned by above organizations SwA and HwA Working Groups Collaboration and shared prioritization in daily/weekly activities, meet on a regular basis Recommend policy and guidance Provide community forum for hard problem analysis and question/answer JFAC Coordination Center Coordination of Service Providers Supports programs with situational awareness, information/best practices, coordination SwA analysis tool license distribution Portal: https://jfac.army.mil Assessment Knowledge Base (future) JFAC Action Officer (AO) WG AOs for JFAC Steering Committee Maintain enterprise and strategy cognizance Reporting and ROI status Oct 26, 2017 Page-5 Distribution A Statement. Approved for public release by DOPSR. Case # 17-S-2487. 18-S-0071. Distribution is unlimited.
What s Going On Now? JFAC Web portal and SwA tool license distribution Security Classification Guide Field Programmable Gate Array (FPGA) Strategy Resourcing Oct 26, 2017 Page-6
What s Next? Develop JFAC Full Operational Capability (FOC) strategy Improve DoD SwA throughout Lifecycle Planning, Execution and Sustainment Invest in Technology and Resources Upgraded Infrastructure for Federated DoD-wide Coordination of Software Assurance Linking Sustainment to Early Program Development JFAC website on SIPR, JWICS One-stop shop for SwA tools and best practices New S&T and Assessment Knowledge Base portals https://jfac.army.mil Oct 26, 2017 Page-7
Conclusion The JFAC s goal is to provide DoD programs a one-stop shop to request, evaluate, and obtain resources to improve their software assurance practice. SwA analysis tool license distribution and management Service providers for programs SwA work; SMEs focused on hard problems SwA best practices JFAC is addressing key software assurance gaps. Developing FOC strategy to execute as resourcing becomes available Publishing best practices at JFAC web portal (https://jfac.army.mil) Oct 26, 2017 Page-8
Systems Engineering: Critical to Defense Acquisition Defense Innovation Marketplace http://www.defenseinnovationmarketplace.mil DASD, Systems Engineering http://www.acq.osd.mil/se Oct 26, 2017 Page-9
For Additional Information Mr. Thomas Hurt ODASD, Systems Engineering 571-372-6129 thomas.d.hurt.civ@mail.mil Oct 26, 2017 Page-10