Defense Health Agency

Cyber Security Lifecycle Management


Cybersecurity Management & Reporting Tool (CSMRT)

Automated Control Correlation Identifier (CCI) Responses

Automated eMASS CCI Import

Automated Cybersecurity Issuance (task order) Management

Automated ATO/AR Timeline Generation

BCS has supported the A&A lifecycle at DHA from the inception of the agency through its current transition and consolidation of Military Health Services (Army, Air Force, and Navy).  We have successfully taken numerous systems, enclaves, applications, and type accredited systems through the DHA Assessment and Authorization process to attain an Authority to Operate (ATO).  Our experts helped shape the policy and procedures as the agency transitioned from DIACAP to RMF including:

  • Guide working groups and other DHA Branches on cybersecurity-related policy and procedures

  • Develop and publish Standard Operating Procedures for the Network Security Operations Branch

  • Created over 200 ATO / Annual Review / Risk Assessment packages


BCS developed a FedRAMP Infrastructure as a Service (IaaS) package for DHA.  The FedRAMP package ultimately served as a guide as DHA transitioned to RMF from DIACAP.