Please use this identifier to cite or link to this item: https://hdl.handle.net/11681/29507
Full metadata record
DC FieldValueLanguage
dc.contributor.authorLiesen, Richard J.-
dc.contributor.authorJohnson, Jessica A.-
dc.contributor.authorSwanson, Matthew M.-
dc.contributor.authorStinson, James T.-
dc.contributor.authorCase, Michael P.-
dc.date.accessioned2018-09-24T14:04:32Z-
dc.date.available2018-09-24T14:04:32Z-
dc.date.issued2018-09-
dc.identifier.govdocERDC TR-18-15-
dc.identifier.urihttp://hdl.handle.net/11681/29507-
dc.identifier.urihttp://dx.doi.org/10.21079/11681/29507-
dc.descriptionTechnical Report-
dc.description.abstractThe System Master Planner-Net Zero Planner (SMPL-NZP) Tool is an installation energy master planning tool demonstrated via the Environmental Security Technology Certification Program (ESTCP). The goals of this project were to: (1) use the SMPL-NZP Tool as a case study for the new Risk Management Framework (RMF) security process and document for future projects, and (2) develop a standard training course for the tool and demonstrate how modern training can be accomplished and delivered. This project: (1) provided training and tutorial materials for SMPL-NZP Tool users, and (2) pursued RMF Application certification to allow hosting of the SMPL-NZP Tool on DoD servers and Add additional encryption to web services to comply with RMF requirements. A small in-house group was trained on the RMF process, the SMPL-NZP Tool was assessed as an RMF case study, and a user guide was completed. Online training was developed and hosted on YouTube™. At this time the SMPL-NZP Tool has Authority to Operate (ATO) on the ERDC Cloud Computing Environment where it is currently being hosted.en_US
dc.description.sponsorshipEnvironmental Security Technology Certification Program (U.S.)en_US
dc.description.tableofcontentsAbstract .......................................................................................................................................................... ii Executive Summary ..................................................................................................................................... iii Tables .............................................................................................................................................................vii Preface ......................................................................................................................................................... viii 1 Introduction ............................................................................................................................................ 1 1.1 Background ..................................................................................................................... 1 1.1.1 Stability................................................................................................................................. 1 1.1.2 Scalability ............................................................................................................................. 1 1.1.3 Accreditation ........................................................................................................................ 2 1.2 Objectives ........................................................................................................................ 3 1.3 Regulatory drivers ........................................................................................................... 3 2 Technology Transfer Description ........................................................................................................ 5 2.1 Technology transfer overview ......................................................................................... 5 2.2 Technology development ................................................................................................ 5 2.3 Advantages and limitations of RMF ............................................................................... 6 3 Test Case Description and Conditions .............................................................................................. 7 3.1 Milestones and status for the technical transfer from research to production........... 7 3.2 SMPL-NZP Tool™ RMF Process™ ................................................................................. 12 3.3 Software security report ............................................................................................... 13 3.4 SMPL-NZP Tool™ video tutorials .................................................................................. 13 4 Training and Scalability Requirements for Successful Technology Transfer .......................... 14 4.1 Videos and training method ......................................................................................... 14 4.2 Training medium ........................................................................................................... 15 4.3 Scalability ...................................................................................................................... 15 4.4 Time and cost savings .................................................................................................. 16 4.5 Accessing the Training .................................................................................................. 16 4.6 Technology transfer ...................................................................................................... 17 5 Risk Management Framework Guidelines: from SMPL-NZP TOOL Technology Transfer RMF Process Results ......................................................................................................................... 19 5.1 Getting started .............................................................................................................. 19 5.1.1 Understanding RMF........................................................................................................... 19 5.1.2 Know the system and environment .................................................................................. 20 5.1.3 Identify the system type and RMF requirement ............................................................... 20 5.1.4 Identify targeted hosting location ..................................................................................... 23 5.1.5 Identify the RMF stakeholders, develop an awareness plan .......................................... 23 5.1.6 Understanding risk management ..................................................................................... 24 5.1.7 eMASS and registration .................................................................................................... 24 5.2 Initiate and plan ............................................................................................................ 24 5.2.1 Categorize system (RMF Step 1) ...................................................................................... 24 5.2.2 Select security controls (RMF Step 2) .............................................................................. 26 5.3 Implement and validate ................................................................................................ 28 5.3.1 Implement security controls (RMF Step 3)....................................................................... 28 5.3.2 Assess security controls (RMF Step 4) ............................................................................. 29 5.4 Certify and accredit ...................................................................................................... 30 5.4.1 Authorize system (RMF Step 5) ........................................................................................ 30 5.5 Maintain and review, decommission ........................................................................... 31 5.5.1 Monitor security controls (RMF Step 6)............................................................................ 31 6 Cost Assessment................................................................................................................................. 32 6.1 Cost model .................................................................................................................... 32 6.2 Technology transfer ...................................................................................................... 32 6.3 Cost drivers ................................................................................................................... 34 6.4 Annual accreditation cost ............................................................................................. 35 7 Implementation Issues – Lessons Learned ................................................................................... 36 7.1 Before beginning system development ....................................................................... 36 7.2 During system development......................................................................................... 37 7.3 Before beginning RMF documentation ........................................................................ 37 7.4 During RMF documentation ......................................................................................... 38 7.5 Omissions to avoid ........................................................................................................ 38 7.5.1 Failure to implement an auditing mechanism ................................................................. 38 7.5.2 No or lacking evidence to prove implemented CCP ......................................................... 38 References ................................................................................................................................................... 39 Acronyms and Abbreviations .................................................................................................................... 41 Appendix A: Points of Contact.................................................................................................................. 44 Appendix B: RMF Prerequisites ............................................................................................................... 45 Appendix C: Production Environment Hosting Guidance ................................................................... 47 Appendix D: Hosting Comparison SMPL-NZP Tool™ ........................................................................... 48 Appendix E: Identifying RMF Team ......................................................................................................... 51 Appendix F: Identify Stakeholders and Develop Awareness Training Plan SMPL-NZP Tool™ .... 62 Appendix G: Security Plan: Categorization ............................................................................................ 65 Report Documentation Page (SF 298) ................................................................................................... 72-
dc.format.extent82 pages / 1.31 Mb-
dc.format.mediumPDF/A-
dc.language.isoen_USen_US
dc.publisherConstruction Engineering Research Laboratory (U.S.)en_US
dc.publisherInformation Technology Laboratory (U.S.)en_US
dc.publisherEngineer Research and Development Center (U.S.)en_US
dc.relation.ispartofseriesTechnical Report (Engineer Research and Development Center (U.S.)) ; no. ERDC TR-18-15-
dc.rightsApproved for Public Release; Distribution is Unlimited-
dc.sourceThis Digital Resource was created in Microsoft Word and Adobe Acrobat-
dc.subjectEnergy developmenten_US
dc.subjectTechnology transferen_US
dc.subjectRisk managementen_US
dc.subjectComputer programming and softwareen_US
dc.subjectProduction managementen_US
dc.subjectCloud computing--Energy consumptionen_US
dc.titleTechnical transfer of the System Master Planner-Net Zero Planner (SMPL-NZP) Tool™ from research to production : risk management framework guidelinesen_US
dc.typeReporten_US
Appears in Collections:Documents

Files in This Item:
File Description SizeFormat 
ERDC TR-18-15.pdf1.35 MBAdobe PDFThumbnail
View/Open