As a subcontractor to Prime, Nexagen provided Cybersecurity and A&A (previous Certification and Accreditation) expertise for several different Manned and Unmanned BCT-M vehicular Information Systems. These included Network Integration Kit (NIK), Tactical and Urban Unattended Ground Sensors (T/U-UGS), Small Unmanned Ground Vehicle (SUGV), Class I Unmanned Air System (UAS), Common Controller (CC), IO Kit and Incremental Battle Command Extension (IBEX) systems. Our roles and responsibilities included the following tasks:
Security Engineering Support: We provided requirements engineering for the Army BCT-M program. System IA requirements were derived from DoDI 8500.2, Army Regulation 25-2, DoD 5XXX series of policies, and DCID 6/3 PL3 and higher.
IA requirements non-compliance cases: performed Security Risk Assessments and derived get-well plans for IA requirement non-compliancy cases for review by the ISSM and SCA-V.
NSA/NIAP/NIST Certification: We developed the CDS certification documentation package for the NIK Dual Enclave configuration in support of the NSA-guided CDS Certification Test & Evaluation (CT&E). We also developed the Key Management Plan (KMP) for the CC Data At Rest (DAR) solution to be NIST Certified. Developed the Security Target for System of System Common Operating Environment (SOSCOE)’s NIAP certification.
Software Assurance: We developed guidance on Malicious Code Detection and Risk Management Process for BCT-M. We derived Software Assurance Section for BCT-M Software Development Plan (SDP). We also performed security risk assessments on reuse software types for BCT-M Software Configuration Control Board (SCCB) review and concurrence.
Self-Assessor Support: Conducted Self-Assessment ensuring robust secured System of System (SoS) implementation for ATO decision.
Certification and Accreditation Documentation Support: Developed and maintained Certification & Accreditation Documentation.