Falls Church, VA
CASE STUDY

NAVFAC
Cyber Security Network Facilities Management


KEY STATS

CYBER & PROGRAM MANAGEMENT

•  Provided Risk Management Framework (RMF) expertise supporting the issuance of two three-year Authorities to Operate (ATOs)

•  Reviewed 3,500 security controls, developed 5,200 plan of action & project milestones, and developed an ISSE Handbook

•  Participated in a Europe-based RMF 3-step assessment of a power generator system

•  Developed a policy development capability using SharePoint Online, reducing the time to develop policies by 75%

•  Completed detailed site surveys identifying FRCS and supporting infrastructure for Far East-based installations

•  Supported stand-up of Cyber Planning and Response Center (CPRC) team with Threat Hunting, Penetration Testing, and Malware analysis

•  Executed cyber tabletop exercise and response plans, including SOPs

•  Supported CYBERSAFE grading and critical analysis trainings

•  Managed CCB framework and accountability planning

SIZE & SCALE

KC SUPPORTED SYSTEMS

•  4 Echelon III CIO orgs

•  9 Facility Engineering Commands (FECs)

•  35 FRCS across the globe

•  150 RMF milestone events

KC Customer in Focus

The Naval Facilities Engineering Systems Command (NAVFAC) bears the significant responsibility of delivering facilities engineering solutions for the entire U.S. Navy and Marine Corps. NAVFAC has more than 17,000 employees across the globe. As the facilities manager for the Navy, NAVFAC is responsible for Facilities Related Control Systems (FRCS), including supervisory control and data acquisition (SCADA) systems – which are often used in industrial operations to monitor and control field devices – as well as its cybersecurity policies. NAVFAC is also the Department of the Navy’s Technical Authority and overall lead agency for Cyber Security for Facilities/Industrial Control Systems (ICSs).

In the U.S. Navy, SCADA systems can be found in ashore facilities ranging from Command Centers to warehouses that store chemicals and ammunition. Given the critical nature of the Navy’s mission, the security of these technologies – regardless of their location across the globe – is essential.

The organization required an enterprise-level process and methodology for authorization when new FRCSs came online. In addition, the Information Systems Security Manager (ISSM) and Information Systems Security Officer (ISSO) needed assistance in mission critical support regarding risk management and analysis. NAVFAC also required support of numerous cyber systems, including ICS, FRCS, and operational technology.

KC provided risk analysis and systems/cyber engineering support to NAVFAC Information Technology and Operational Technology (IT/OT) systems to help bolster and protect the Navy’s global infrastructure against threats. KC also supported the Command Information Office (CIO) and the Command Information Security Officer (CISO)/Director of Cybersecurity through project management, planning, analysis, and more.

Karthik’s cyber expertise has been critical to some of NAVFAC’s most critical programs including Cybersecurity, Risk Management Framework (RMF) Steps 1-3+, and CYBERSAFE criticality analysis.
Reported from CPARS
NAVFAC HQ CIO Team

Key Areas of KC Impact

COMMAND INFORMATION OFFICE (CIO) SUPPORT:
• Project management, scheduling, KPI/cybersecurity metrics.
• Develop project plans and briefings to support various Cybersecurity initiatives and stakeholder forums.
• Maintain quality assurance.
• Training activities and technology analysis.
• Alignment of IT solutions with the command’s data management policies and enterprise architecture strategy.
• Technical reporting and documentation.
• Enterprise Change Control Board (ECCB) management.
• RMF packages, including Memorandums for the Record (MFRs).
• Response to Cyber Technical Advisories (CTAs) and Information Assurance Vulnerability Management (IAVM) directives.
• Employ systems concepts and capabilities phases for development life cycle.
• Ensure security design and implementation of systems/programs in accordance with governing NIST, DoD and DON requirements/standards.
• Manage checkpoint/collaboration meetings to review RMF status for NAVFAC FRCS.
SYSTEMS ENGINEERING TECHNICAL REVIEW (SETR)
• Provides SETR support to NAVFAC, including building, deploying, and managing the NAVFAC enterprise SETR process(es).
• Provides expertise across multiple systems engineering disciplines to ensure the SETR meets DON standards, is tailored to address Command-specific efforts, and meets integration/interoperability concepts supporting IT/OT interfaces.
INFORMATION SYSTEMS SECURITY OFFICER (ISSO)
• Develop, maintain, and update RMF technical artifacts.
• Support the government Information System Security Manager (ISSM).
• Provides support to help implement cybersecurity for the respective NAVFAC programs, organizations, systems, or enclaves.
CONTROL SYSTEMS ADMINISTRATION
• Manage the process of systems configuration, maintenance, and cyber security compliance.
• Employ best practices and expertise to effectively manage FRCS configuration.
CYBER PLANNING AND RESPONSE CENTER SUPPORT
• Provided consultation on Red Team capabilities, organizational structure, CPRC Red Team documentation
• Provide reference resources for Key Management Infrastructure cryptologic devices
• Provide introductory touchpoints back to the National Security Agency for collaboration
MANAGEMENT NETWORK ENGINEERING
• Design system configuration, direct system installation, and define, document, and enforce system standards.
• Maximize network performance by monitoring performance, troubleshooting network problems and outages, and scheduling upgrades.
• Maintain security of network systems through enforcing policies and access protocols.
CRITICALITY ANALYSIS SUPPORT
• Ensure Cybersecurity Safety (CYBERSAFE) grading activities are executed and tracked per defined parameters.
• Manage the analysis, coordination, integration, and implementation of policies and procedure updates.
• Support the decomposition of systems supporting priority assets in accordance with NAVFAC/DON/DoD directives.
RISK ANALYSIS TECHNICAL SUPPORT:
• Led collaboration process to help identify, assess, analyze, and manage cyber risk to protect NAVFAC data. Managed assessment, maintenance and restoration of information systems incorporating protection, detection, and reaction capabilities.
• Maintained federal cybersecurity instructions, policies, procedures, directives, methodologies, and security orders.
• Oversaw reporting of cybersecurity events and incidents.
• Conducted compliance audits, developed cybersecurity awareness products and training, and continuously assessed the effectiveness of policies and security SOPs.


ABOUT US

Karthik Consulting was founded in 2008 to be a reliable and trusted advisor for our customers, providing independent, unbiased, and proven solutions that mitigate risk and help solve enterprise-wide IT challenges.

Our Cyber Security, Software Development and Program Management focus areas (and work methodology) ensure that we can deliver not just solutions, but architecture that scales and grows with the customer's needs over time. We are able to assist in projects ranging from short advisory engagements to assembling a full team to deliver a solution from concept through implementation and on-going management. KC has access to industry experts in various technologies and teaming partners to meet any of your IT challenges.

The vision of KC is to bring the innovation, passion and agility of the commercial IT industry to meet the unique challenges of the federal government. We are a DOD Cleared Facility with a DCAA-approved accounting system.
CONTACT

Felix Martin, 571 435 7632 fmartin@karthikconsulting.com

CAGE: 56GH3
DUNS: 828199880 UEI: FGNNM7KNUPF6

PRIME CONTRACT VEHICLES:

GSA MAS
GSA OASIS Pool 1 and 3
NIH CIO-SP3 8(a) & SB
GSA STARS III 8(a)
Air Force SBEAS
Army RS3
Navy Seaport-NexGen 
FAA eFAST