skip to main content

An official website of the United States government

Here’s how you know

Official websites use .mil
A .mil website belongs to an official U.S. Department of Defense organization.

Secure .mil websites use HTTPS
A lock ( Lock Locked padlock icon ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Fed Outside of DoD _ DoD Universities & Private Sector
serdp and estcp logo
  • About Us
  • Projects
    Project Directory Energy & Water Test & Training Lands Chemicals & Materials Natural Hazards PFAS Other Chemicals of Concern UXO
  • News
  • Webinars
  • Resources
  • Work With Us
  • Mailing List Login to SEMS
Mailing List Login to SEMS

For mobile, landscape view is recommended.

Image

Innovative Tools that Reduce the Time and Cost Required to Obtain and Maintain Authority to Operate for Facility Energy and Water Control Systems and Connected Technology

ESTCP, Installation Energy and Water Program Area

Released January 8, 2019

Closed March 7, 2019


FY 2020
  1. Work With Us
  2. ESTCP FY 2020 Solicitation

Objective

The Department of Defense (DoD) Installation Energy Test Bed sought innovative tools that reduce the time and cost required to obtain and maintain Authority To Operate for systems supporting new facility energy and water technologies. Proposed technologies were asked to demonstrate that they help installation personnel reduce the time and cost to complete the Risk Management Framework process and that they satisfy requirements established in DoD Instruction (DoDI) 8500.01, Cybersecurity, and DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology and any applicable Service-specific requirements. DoD sought solutions/tools that enabled more efficient execution and/or documentation of portions of the cybersecurity process, such as aiding the incorporation of cybersecurity in FRCS design, the testing and validation of FRCS, or the continuous monitoring of FRCS.

Demonstration projects with the following characteristics were preferable:

  • High likelihood of supporting reciprocity1 between Services
  • High calculable time and cost savings, as a direct result of the technology
  • Minimal design and engineering required for deployment of the technology after the demonstration
  • Development of cost factors and metrics to demonstrate scalability of the solution
  • Low cost to implement after the demonstration
  • Cost sharing

Project teams were encouraged to include representatives from each of the Services to ensure broad acceptance of demonstrated approaches and technologies. The demonstration program was for technologies and methods with completed proof-of-principle work. The impact of the demonstration should have been to reduce the time and cost of gaining and maintaining ATO for new facility energy and water control systems and devices.

Funded projects will appear below as project overviews are posted to the website.

Background

Many new facility energy and water technologies are not able to provide their full benefit (operational efficiency or energy and cost savings) to DoD due to restrictions on network connectivity stemming from cybersecurity concerns. Additionally, new facility energy and water technologies increasingly incorporate “smart” components and control systems that rely on network connectivity to send and receive data and control signals. For these technologies to operate as intended and be cost-effective, they must have access to DoD networks with minimal additional installation, operation and maintenance costs. Currently, the process to gain ATO, a requirement for network connected systems and devices, can be cost-prohibitive and time consuming, which limits DoD’s ability to benefit from these advanced technologies.

Platform IT (PIT), which is identified in the RMF process, is a category of both IT hardware and software that is physically part of, dedicated to, or essential in real time to the mission performance of special purpose systems. PIT is further categorized as PIT products, PIT subsystems, or PIT systems. PIT differs from “traditional” IT in that it is integral to – and dedicated to the operation of – a specific platform. Although the term PIT is used only by DoD, the concept of categorizing components and systems dedicated to the operation of a specific platform is not.

DoDI 8510.01 provides for cybersecurity reciprocity for purposes of reducing time and resources wasted on redundant test, assessment and documentation efforts and is best achieved through transparency (i.e., making sufficient evidence regarding the security posture of an IS or PIT system available, so that an Authorizing Official (AO) from another organization can use that evidence to make credible, risk-based decisions regarding the acceptance and use of that system or the information it processes, stores, or transmits).

A key challenge for reciprocity is identifying the risks associated with the service’s/agency’s Platform Enclave (Transport Backbone) and applying appropriate security control mitigations to ensure the AO from one service will honor the authorization from another service with a different enclave configuration (e.g. Navy PSNet and AF COINE).

Additional information on the RMF process and related references can be found on the SERDP & ESTCP website at:

https://www.serdp-estcp.org/focusareas/867943c7-3959-4242-a34c-438d25e4e37b/control-systems-cybersecurity#tools-training

serdp and estcp logo
 

Strategic Environmental Research and Development Program (SERDP)

Environmental Security Technology Certification Program (ESTCP)

 
 
  • Project Directory
  • Energy & Water Test & Training Lands Chemicals & Materials Natural Hazards PFAS Other Chemicals of Concern UXO
  • NEWS
  • WEBINARS
  • RESOURCES
  • ABOUT US
  • Login to SEMS
  • Mailing List
 

Office of the Deputy Assistant Secretary of Defense (Energy Resilience & Optimization) 
3500 Defense Pentagon, RM 5C646
Washington, DC 20301-3500

Phone (571) 372-6565

Contact | Accessibility | FOIA Requests | Privacy Policy | Copyright Information | Media/Press

About DoD | DoD Information Quality | No Fear Act | Plain Language | Privacy Program | USA.gov

 
  • Project Directory
  • Energy & Water Test & Training Lands Chemicals & Materials Natural Hazards PFAS Other Chemicals of Concern UXO
  • NEWS
  • WEBINARS
  • RESOURCES
  • ABOUT US
Login to SEMS
Mailing List
 

Office of the Deputy Assistant Secretary of Defense (Energy Resilience & Optimization) 
3500 Defense Pentagon, RM 5C646
Washington, DC 20301-3500

Phone (571) 372-6565

Contact | Accessibility | FOIA Requests | Privacy Policy | Copyright Information | Media/Press

About DoD | DoD Information Quality | No Fear Act | Plain Language | Privacy Program | USA.gov