Simple things like changing passwords often and, even better, implementing multi-factor authentication for all credentialing systems are relatively easy policies to implement for most organizations. What isn’t necessarily as easy is developing the mindset of #CybersecurityFirst throughout an entire organization.
Before the Cyber Operations Center (CyOC) was created, reporting was done via manual and labor-intensive processes requiring hundreds of man-hours, impacting the Agency’s ability for timely reporting leaving the agency with the inability to identify a single point of contact to view agency compliance as a whole.
Defense Health Agency (DHA) is currently migrating Military Treatment Facilities (MTF) into a DoD JIE CSRA compliant Medical Community of Interest (Med-COI) architecture. As a precursor to accessing the new Electronic Health Record (EHR), each MTF requires an evaluation of Information Technology assets and services. MTFs must undergo an in-depth Risk Management Framework (RMF) evaluation to receive an Authorization to Operate (ATO) on the Med-COI.