A consolidated and efficient vulnerability management, compliance reporting, and monitoring capability had been a challenge as the Defense Health Agency (DHA) increased its information technology services footprint. Before the Cyber Operations Center (CyOC) was created, reporting was done via manual and labor-intensive processes requiring hundreds of man-hours, impacting the Agency’s ability for timely reporting leaving the agency with the inability to identify a single point of contact to view agency compliance as a whole.
DHA leadership looked to Sentar for a better solution, resulting in the development and introduction of the Cyber Operations Center (CyOC). The innovations introduced by the CyOC to meet the customer’s requirements led to the first FedHealth IT Innovations Award in 2019. Now a great a challenge was looming. Even though the CyOC had been around for a few years it was really during the pandemic, forcing a remote and distributed work force which required full accountability that led the team to adjust from normal day to day operations to developing and innovating existing processes. Led by CyOC Compliance Team Lead Josh Sims and Operations Lead Bruce Detweiler, the CyOC tracked all DoD higher headquarter Issuances/Taskings for the DHA and were required to maintain the same level of proficiency if not better than before. This process was highly complex and was handled through a variety of means including but not limited to emails, RFIs, Tickets and phone communications.
“To ensure timely and accurate reporting, we rely on the many different entities within the agency to get the job done. This includes working with a wide variety of teams. We try to manage the overall process from top to bottom to ensure that nothing gets missed and DHA is represented in the best light,” said Josh Sims.
The CyOC has radically taken the task and issuance process and redefined how traditional issuances are released within the enterprise. With a multitude of DHA Components, it can be difficult to always ensure proper tracking and acknowledgement. In response, the CyOC has implemented a standard practice of releasing issuances to the field immediately upon receipt from higher-level entities. The CyOC tracks the release down to the program level to ensure proper steps are followed for accurate and timely reporting.
By developing and innovating these processes, the CyOC has significantly improved how higher-level cyber issuances are released, tracked at program and site levels, addressed, and reported across the enterprise. As a result, the CyOC has increased DHA compliance across the board.
The CyOC Team receives compliance status and tracks the status at the executive level. In this capacity, they can capture cyber-intelligence and analytics to provide leadership with a full operational picture to understand existing risks, fueling cyber resiliency rather than mere security.
Due to the program’s success, DoD higher level entities have recognized the CyOC as a representative best-practices standard against which other agencies are compared.
When discussing what led to the program’s success, including the 2021 FedHealthIT Innovation Award, Josh Sims pointed to his team’s hard work. “We worked hard with our government partners on refining the processes and getting them out in the field in a timely manner, and the process that we designed will be applicable to other programs within the DHA focused on compliance monitoring and vulnerability management.”
Sentar team members include Joshua Sims, Bruce Detweiler, Shonda Milhon, Lisa Lewis, Tom Goodman, Bryan Adams, Nicole Nunnally, Jaime Kinser, Juliana Powell, Conner Burgess, Donald Alton, Joshua Vaughan, and Jonathan Deeter.