Editor’s Note: The report from the RAND National Defense Research Institute, “Rapid Acquisition and Fielding for Information Assurance and Cyber Security in the Navy” by Isaac R. Porche III, Shawn McKay, Megan McKernan, Robert W. Button, Bob Murphy, Kate Giglio, Elliot Axelband is attached here.
Among the report’s findings are:
The C&A process needs attention. Changes to the current DoD 5000 acquisition process are required for iterative CND [computer network defense] acquisition. Out of all the Navy acquisition processes we examined, we found that the C&A process is the most rigid long pole in the tent, and “information assurance certifications are consuming 30 percent to 50 percent of the IT development time” (Simpson and Langston, 2010, p. 74). Notably, CND can turn in perfect C&A packages, but there are still administrative roadblocks in the process, and, thus far, streamlining the C&A process has not been successful in reducing major wait times. The opportunity for improvement remains.
Iterative acquisition is in need of general design guidelines. To further alleviate some of the iterative acquisition challenges for CND, an initial “future-proof” design should be pursued to the greatest extent practical. However, it should be noted that generous design margins still will not alleviate issues of hardware obsolescence.
Ideally, changes to a system should be made through software upgrade “patches.” To the greatest extent possible, programs should seek initial system designs that enable such software (and configuration) changes. These changes should be targeted at the operations and maintenance, Navy, phase. The advantage is in avoiding reaccreditation for NMP and C&A and thus expediting these processes. The CND capabilities production document allows enough flexibility in the technology insertion cycles between increments for PMW [U.S. Navy Program Manager, Warfare] 130 to carry out these recommendations.
Leave a Reply