Cybersecurity Analyst (SME)

Support the efforts to coordinate the Certification and Accreditation (C&A) of systems in accordance with the Risk Management Framework outlined by the National Institute of Standards and Technology (NIST), DoD Instruction 8500.1. This includes supporting the development, coordination and support of initial C&A, Federal Information Security Management Act (FISMA) and re-accreditation requirements. Support the efforts to coordinate and ensure Assess and Authorization (A&A) of systems are IAW DoD Cybersecurity (CS) A&A Risk Management Framework (RMF) process and/or Intelligence Community Directives (ICD) 503/Director of Central Intelligence Directive (DCID) 6/3 guidance, DoDI 8500.01, DoDI 8510.01 and AR 25-2. This includes supporting development, coordination and support of initial A&A, Federal Information Security Modernization Act (FISMA) and re-authorization requirements. Provide Information Security (IS) engineering support to integrate required security characteristics and requirements into the performance objectives of the selected system. Support system security certifications to ensure that subject systems meet all applicable security regulations and standards and are able to complete successful certification test and evaluation events. In addition, the Contractor shall provide assistance to ensure that these systems are protected from known vulnerabilities. Support the preparation and generate required security A&A documentation and coordination with the Authorizing Official (AO) to obtain successful system accreditation. Security documentation includes, but is not limited to, artifacts required by RMF and National Institute of Standards & Technology (NIST) controls such as the Security Plan (SP), Continuity of Operations Plan (COOP), Configuration Management Plan (CMP) and when required a Plan of Action and Milestones (POA&M). Support the preparation and generate required security A&A documentation and coordination with the Authorizing Official (AO) to obtain successful system accreditation. Security documentation includes, but is not limited to, artifacts required by RMF and National Institute of Standards & Technology (NIST) controls such as the Security Plan (SP), Continuity of Operations Plan (COOP), Configuration Management Plan (CMP) and when required a Plan of Action and Milestones (POA&M). Provide Information Assurance Vulnerability Management (IAVM) support to include assisting with dissemination, installation, Information Assurance Vulnerability Alerts (IAVA) reporting, and compliance procedures for IAVM. The Contractor shall perform activities and tasks specified in AR 25-2 for PM, Information System Security Officers (ISSMs) and Information System Security Officers (ISSOs) and act as a liaison with supporting System Administrators (SA) and cybersecurity personnel to promote security in IS operations. Provide configuration management support of IS software and hardware, maintain software licenses and ensure security related documentation is current and accessible to properly authorized individuals. Ensure log files and audits are maintained and reviewed for all systems and that authentication (e.g., password) policies are audited for compliance. Review and evaluate the security effects of changes to systems and networks, including interfaces with other ISs, and document changes. Ensure cybersecurity posture and accreditation boundaries are not impacted during IS support and maintenance. Ensure no relevant security changes have been made to invalidate any previously authorized accreditation. Conduct self-assessments, document validation results and generate POA&M in support of the Control Approval Chain and Package Approval Chain activities in the US Army Enterprise Mission Assurance Support Service (eMASS) online database. Provide independent validation and assessment support by conducting vulnerability scans, determining Security Technical Implementation Guide (STIG) checklist compliance and reviewing a variety of DoD, Army, RMF and NIST documentation to include SP, CMP, CP and other A&A artifacts to assess the cybersecurity posture of subject systems. Once complete, the Contractor shall compile and analyze the results, document the results in eMASS and provide validation recommendations in support of formulating Interim Authorities to Test (IATT) and Authorities to Operate (ATO) A&A decisions.