Defense Health Agency

CyberSecurity Lifecycle Management


Cybersecurity Management & Reporting Portal (CSMRT)

Automated Control Correlation Identifier (CCI) Responses

Automated eMASS CCI Import

Automated Cybersecurity Issuance (task order) Management

Automated ATO/AR Timeline Generation

BCS has supported the A&A lifecycle at DHA from the inception of the agency through its current transition and consolidation of Military Health Services (Army, Air Force, and Navy).  

We have successfully taken numerous systems, enclaves, applications, and type accredited systems through the DHA Assessment and Authorization process to attain an Authority to Operate (ATO).  

Our experts helped shape the policy and procedures as the agency transitioned from DIACAP to RMF, including:

  • Guiding working groups and other DHA branches on cybersecurity-related policy and procedures.

  • Developing and publishing standard operating procedures for the Network Security Operations Branch.

  • Creating over 200 ATO/annual review/risk assessment packages.


BCS developed a FedRAMP Infrastructure as a Service (IaaS) package for DHA. The FedRAMP package ultimately served as a guide as DHA transitioned from DIACAP to RMF.


So, yeah, we’ve clearly kicked our fair share of butt over the years. But don’t just take our word for it (even though we are super honest people) — hear from our customers:

BCS constantly analyzes complex cybersecurity DHA processes and procedures and offers low-cost innovative solutions that produce quality products that are delivered on time or ahead of schedule to the various DHA stakeholders.
— Eric Wildermuth (ISSM, DHA NSOB)