In its ongoing pursuit of the cyber excellence that keeps it a trendsetter and premier leader for the advancement of Defensive Cyberspace Operations (DCO) within the Department of Defense (DOD), the U.S. Army Command, Control, Computers, Communications, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR) Center Cybersecurity Service Provider (CSSP) has attained International Organization for Standardization (ISO) 9001 Quality Management System (QMS) certification status under the scope: “The provision of Defensive Cyberspace Operations services to U.S. Federal subscribers worldwide in accordance with Executive, National, Federal, DOD, and U.S. Army cyber doctrine and requirements.” This level of certification is the first of its kind among 27 DOD and more than 100 Federal CSSPs, Network Operations Centers, Security Operations Centers, and Cybersecurity Integrity Centers.
About the C5ISR Center CSSP
Established in 2001, the DOD CSSP Program is responsible for provisioning 24x7x365 cybersecurity services (i.e., identify, protect, detect, respond, recover and sustain) to protect and defend the largest cyber landscape in the world: the Department of Defense Information Networks (DODIN). Over the last 20 years, the DOD CSSP Program has progressively and systematically matured to become one of the most critical and important components of the Defense Department’s cybersecurity strategy, providing a unique and distinctive layer of cyber defense as part of its defense-in-depth strategy.
Recognized as the only DOD CSSP with a dual mission—CSSP DCO and DCO Research and Development (R&D)—the C5ISR Center CSSP was founded early in 1996 as the U.S. Army Research Laboratory Computer Security Incident Response Team (ARL-CSIRT). Later, in 2007, the ARL-CSIRT became one of the first authorized Computer Network Defense Service Providers in the DOD. Over time, the C5ISR Center CSSP has continued to provide unique strategic, operational, and technical advancements for optimizing and modernizing U.S. Army and DOD DCO. The organization has repeatedly introduced operationally relevant innovations to the DOD CSSP Program that have changed the way we protect and defend the DOD portion of the cyberspace domain.
ISO 9001 Compliant, CSSP Custom, and DCO Made-to-Measure QMS
Based on ISO 9001:2015, the world’s best-known quality management standard, the C5ISR Center CSSP custom and DCO made-to-measure QMS is designed to regularly measure (e.g., daily, weekly, monthly, quarterly, annually) mission-critical elements associated with its CSSP DCO mission (i.e., operators, technology, processes, cyber services, and subscriber satisfaction) for decision-making support. The C5ISR Center CSSP has tailored its QMS to satisfy mandated cyber doctrine and requirements (e.g., Executive, National, Federal, DOD, and U.S. Army) and to integrate periodic spot assessments, pre-inspection assistance visits, and annual mock inspections. These generate periodic continuous improvement reports that include lessons learned, best practices, findings, and recommendations for continuous improvement and optimization.
Due to the criticality and sensitivity of the DOD cyber missions it supports, the C5ISR Center CSSP saw the need to leverage ISO standards to formalize a process to continuously assess and improve the cyber services it provisions to its U.S. Federal subscribers worldwide. In essence, the CSSP spent nearly one year fusing its DCO services with U.S. Government requirements for cybersecurity and the proven ISO standard. “By baking-in our DCO services with applicable U.S. Executive, National, Federal, DOD, and U.S. Army cyber doctrine and requirements, as well as globally recognized ISO 9001 standards, our CSSP has become uniquely positioned to provision best-of-breed, regulatory-compliant, and mission-ready DCO services that have not only raised the bar—they have unlocked a new service delivery level that will soon change the expectations and requirements of the DOD and Federal CSSP Programs,” said Mr. Bill Christman, Defensive Cyber Solutions Branch and C5ISR Center CSSP Chief.
Why ISO Standards
Standards developed by voluntary consensus bodies, such as ISO, are beneficial and appropriate for use in achieving government policy objectives and in conducting government activities. ISO standards are available to organizations looking to continually improve their products and services and empower their customers through innovation. They provide clear and concise requirements, terms, and definitions that are easy to follow, combine, and integrate; further, they are adaptable—easy to fuse with organizational cyber mission priorities to develop effective and efficient QMS.
For organizations willing to consider advancing their services with ISO standards, the rewards will go beyond 100% customer satisfaction. “The attainment of ISO 9001 certification status provides clear, conclusive, and tangible evidence to our Federal subscribers that the C5ISR Center CSSP operates at the highest level of technical standards. It demonstrates our longstanding commitment for continuous improvement and optimization, as well as our ongoing pursuit of excellence for exceeding our subscriber’s expectations,” noted Mr. Greg Weaver, Defensive Cyber Solutions Branch Deputy Chief and C5ISR Center CSSP Operations Manager. Mr. Weaver added, “Simply put, achieving an ISO 9001 certification means the C5ISR Center CSSP has achieved the highest form of CSSP DCO efficiency, effectiveness, and productivity.”
The Way Ahead
Custom-designed and implemented by renowned C5ISR Center CSSP strategists, Mr. Cesar Pie and Mr. Clinton Hackney, the C5ISR Center CSSP ISO 9001 QMS facilitates a continual assessment and improvement process. That process allows the CSSP and its supported Federal subscribers to persistently introduce, verify, and validate needed process changes and corrective actions to maintain high-level objectives of protection, monitoring, detection, analysis, diagnosis, and response, shifting in accord with the differing attack surfaces, operational threat environments, and classification levels it supports. “Moving forward, our experts will continue to study, research, and methodically integrate other standards such as ISO 22301, Business Continuity Management System to continue to enhance our cyber incident handling, continuity of operations, disaster recovery operations, and cyber exercise programs,” noted Christman.
The C5ISR Center CSSP leadership’s thirst for continuous improvement is at the heart of its mission/business success. With new unmatched DCO service delivery levels that are now factually reputed, first-class, and uniquely recognized and certified by a proven worldwide standard, the C5ISR Center CSSP plans to continue to explore and employ other models and methods to maintain its top service delivery levels and unique levels of trust, confidence, and credibility from its global subscribers. “Only by drawing on the relative merits of proven best practices such as ISO does our CSSP gradually and methodically advance its objectives of continuous improvement and subscriber satisfaction. This approach, unique to C5ISR Center CSSP, is fast becoming the blueprint for next generation high performing CSSPs,” closed Weaver.