The Global Combat Support System is the single integrated system of action for U.S. Army logistic capabilities. It manages business processes for supply, maintenance, property, and tactical finance. As a world-wide digital platform, GCSS supports thousands of users with millions of dollars invested in operational assets and trillions of dollars invested in capital assets.
The Challenge – Cumbersome Legacy IAVA System
The GCSS team faced a Herculean task and a ticking clock. The IT issue resolution database, a legacy system for processing Information Assurance Vulnerability Alerts (IAVAs), was past its prime, and the year-end deadline to renew or retire the contract was approaching fast. The legacy system had a cumbersome interface that required manual IAVA input, which lead to data-integrity issues regarding accuracy and coverage. In addition, the data was not searchable or capable of being read through quickly.
The Requirements – Replace Legacy System And Expand RMF Automation
Despite the aggressive timeline, the team set a high bar for the replacement solution, which would need to support automation of Plan of Action and Milestones (POA&M) creation, DoDD 8570 and DoDD8140 Compliance Tracking, IAVA Tracking and Compliance, and Operational Tracking and Activities of NIST RMF, DIACAP DOD RMF — all before January 1 of the new year.
The Solutions – Cybersecurity Manager
The GCSS team turned to Stave’s Cybersecurity Manager, powered by the cloud-based, secure, scalable ServiceNow® platform. Cybersecurity Manager was engineered specifically for large federal organizations to integrate all Risk Management Framework (RMF) security operations into a single solution. CSM is fully integrated with CMDB, GRC, SecOps, Discovery and Continuous Monitoring Tools.
The Outcome – 400 Work Hours Saved Per Operator, Per Year
The project was completed in just 4 weeks — from design to implementation, testing, and implementation — all before the desired deadline. An After Action Review (AAR) revealed that task and workflow automation would save 400 hours per operator per year, opening up ten weeks per year to address other tasks. The visibility for all cyber threat remediation activities was increased as well with CSM’s audit trail.
Key Highlights
- 400 Hours per Operator per Year Saved
- Automating tasks and workflows saved 400 hours per operator per year for GCSS, allowing them to focus on proactive threat identification.
- Real-time Custom Portals Speed Workflows
- The portals provided by Cybersecurity Manager provide quick access to accurate and complete data, accelerating vulnerability remediation and threat mitigation.
- Implementation in Under a Month
- Fully deployed and operational in less than a month.
- Remediation Times Down to Minutes
- Timelines for cyber threat remediation went from an average of 5-7 days to mere minutes.