The Global Combat Support System is the single integrated system of action for U.S. Army logistic capabilities. It manages business processes for supply, maintenance, property, and tactical finance. As a world-wide digital platform, GCSS supports thousands of users with millions of dollars invested in operational assets and trillions of dollars invested in capital assets.
The GCSS team faced a Herculean task and a ticking clock. The IT issue resolution database, a legacy system for processing information assurance vulnerability alerts (IAVAs), was past its prime, and the year-end deadline to renew or retire the contract was approaching fast. The legacy system had a cumbersome interface that required manual IAVA input, which lead to data-integrity issues regarding accuracy and coverage. In addition, the data was not searchable or capable of being read through quickly.
Despite the aggressive timeline, the team set a high bar for the replacement solution, which would need to support automation of POA&M creation, DoDD 8570 and DoDD8140 Compliance Tracking, IAVA Tracking and Compliance, and Operational Tracking and Activities of NIST RMF, DIACAP DOD RMF. All before January 1 of the new year.
The GCSS team turned to Stave’s Cybersecurity Manager (CSM), powered by the cloud-based, secure, scalable ServiceNow® platform. CSM was engineered specifically for enterprises and large federal and public-sector organizations to integrate security operations, GRC an RMF into a single solution. CSM is fully integrated with CMDB, GRC, SecOps, Discovery and Continuous Monitoring Tools.
The project was completed in just 4 weeks—including design, implementation, testing, and turn-up—in time to meet the GCSS teams’ deadline. An After Action Review (AAR) revealed that task and workflow automation would save 400 hours per operator per year, opening up ten weeks per year to address other tasks. The visibility for all cyber threat remediation activities was increased as well with CSM’s audit trail.