EAGLE II Experience

Functional Category 3-related Experience

Enterprise Lab Modernization

Developed, implemented, and refined an innovative “Agile Integration and Test Lab Management Framework” that enabled just-in-time decision-making based upon the outcome of a thorough IV&V approach. This was an unprecedented success in an area that traditionally has been characterized by long lead times for managing changes. Our ability to independently obtain, vet, and verify customer requirements and quickly transition customer systems under this framework dramatically increased NSA’s ability to accommodate short-notice facilities and/or system changes. We also developed and successfully implemented a creative rapid IV&V process. The team created IV&V templates and structured work in a way that personnel could be quickly integrated to support inspection activities. Our ability to structure a “plug-and-play” capacity allowed us to scale resources to expedite the audit of more than 200 systems across more than 50 data centers. The team demonstrated elastic capacity by standing up rotating six-person teams consisting of existing personnel in new roles while the staffing process worked to identify permanent support. This allowed the customer to reduce the audit timeline from two years to six months. This demonstrated our ability to meet the demands of rapidly changing customer requirements. We nurtured an environment where all requirements in the queue can be re-prioritized at any time with virtually zero cost and schedule impact. To date, our creativity has resulted in cost avoidance for NSA of over $125M over 5 years.

These innovative and proven processes (being brought to EAGLE II) enable us to efficiently and effectively evaluate critical elements (tools, technologies, processes, schedules, facility limitations, security threats, etc.) across a range of systems. These systems range from commodity hardware platforms running enterprise standard applications to custom-built hardware components that rely on custom operating systems and an integration of Commercial Off-the-Shelf (COTS), Free and Open Source Software (FOSS), and Government Off-the-Shelf (GOTS) components.

As a part of this effort, we developed an Agile Integration and Test Lab Management Framework, processes, and lessons learned and compiled them into a comprehensive knowledge base that has been carefully documented and is directly applicable to EAGLE II. As we plan each Task Order, we will be incorporating this knowledge base into our execution plans to ensure we can not only effectively and efficiently replicate our previous success and high customer satisfaction, but can also actually improve upon our successes.

Enterprise IT Services Integration and Test Facility (ITF)

NSA has never had a single Integrated Test Facility (ITF) that represented the entirety of the Enterprise IT infrastructure (ITI). Nor has the Government had to conduct simultaneous IT fit-ups for three new facilities while incorporating significant changes to the ITI baseline. Establishing this enterprise-wide ITF required lots of creativity and innovation. We exceeded the Government expectations making the project a very favorable experience for the customer.

It provides an environment that reflects both the new and old infrastructures, allowing for the testing of IT services across the diverse operational environments. We provide the resources that implement and manage the different “as-is” and “to-be” environments, and configure the infrastructure components to reflect the actual operational settings. Our creative, enterprise-wide ITI testing process validated functional and performance characteristics across both the new and old network infrastructures. This testing process resulted in new efficiencies – accelerating the schedule and reducing manpower requirements.

We created a plan for how the entire end-to-end ITI could be established in the ITF. The plan included the hardware and IT service stack, reflecting the “to-be” ITI the Government is planning to deploy at the new facilities. This plan included the test strategy that would be performed to assess both the functionality and performance for the end user in a thin-client desktop environment. This plan required a comprehensive understanding of the Government IT plans and analysis for how best to represent that environment with limited resources.

We are poised to bring this technical expertise to establish and manage an integration and test environment for DHS. The success we have gained with this customer creating an enterprise-wide ITF, while working to gain acceptance by customer organizations, has given us the confidence that it can address similar challenges at DHS. The expertise that we have established with comprehensive testing tools (Spirent) and the success with developing and executing complex test scenarios and lessons learned are readily available to provide DHS a similar capability. ITFs can be very dynamic environments with hardware and software changes being made during scenario testing. Having a robust and effective configuration management (CM) capability to manage frequent changes in support of customer I&T needs is vital for any ITF. We implemented an effective CM capability for NSA and can quickly establish and restore specific configurations in support of any integration and test requirement. We have technical expertise in all areas of the ITF from WAN and LAN technologies, to data centers, to networks to end user devices. We are strategic partners with Microsoft and VMware and can bring these to bear at DHS as needed.

Partner Mall

We took a critical war mission effort that was languishing across organizational boundaries within NSA for over 18 months and turned it around in 2 months by providing an innovative process for efficient lifecycle IV&V. Our methodology of identifying and implementing the critical, mission-specific requirements provided the customer a 400%+ increase in analytical capability every fiscal quarter with complete transparency throughout the process. Our approach identified and addressed requirements using a warfighter-first focus. The warfighters’ needs were captured real time into operational and system development requirements. These requirements were compared against an entangled spreadsheet that had evolved over 18 months without warfighter input into over 400 derived requirements. We reduced duplicative requirements by 80%. The result was eight identified capstone capabilities represented by 80 independent operational requirements. The resulting well-defined system requirements cycle has proved to be a critical first step in this customer’s IV&V effort.

A primary outcome of our efforts was providing the Government complete transparency into the status of all operational and system development activities in real-time. This was a first for the Government and resulted in the real-time ability to make informed decisions; ensuring higher quality systems were delivered to support the war effort in a shorter amount of time and using fewer resources. The customer eagerly took advantage of this new capability by providing weekly updates to the development direction based on the dynamic needs of the warfighter. The engineering discipline provided by the our approach allowed for these real-time adjustments while maintaining the systems engineering discipline to schedule and deliver new capabilities on a quarterly basis.

We crafted a knowledge capture process that captured all system dependencies, required software, and resource scheduling. This increased the efficiency of installing, configuring, and testing of all tools or services. Within 2 months, we developed and implemented a cross-organizational end-to-end capability implementation process.

We created a process for information exchange using collaboration tools that shortened the time to gather pertinent information for building the system baseline. We crafted a knowledge capture process that documented all system dependencies, required software, and resource scheduling. This increased the efficiency of installing, configuring, and testing of all tools and services.

This proven and repeatable methodology has been thoroughly documented and will be integrated into our execution plan for each Task Order. This ensures that DHS will benefit via reduced execution risk and more efficient utilization of resources, thus improving the probability of meeting schedules and cost estimates.

AXISS/VAPT

We developed, documented, implemented and managed a comprehensive process to address critical systems on a high-priority effort. We assessed, addressed, tested, conducted IV&V, and rectified a series of critical security weaknesses. We increased productivity by more than 300% while decreasing labor costs by 15%. The innovative processes implemented by us focused on the implementation of a very challenging and highly technical approach for assessing, verifying, and validating systems compliance against the mandated security requirements. This process was implemented as a standard approach for Certification and Accreditation (C&A) of operational systems across the Enterprise.

We developed and implemented an innovative approach for the C&A of field sites/stations, decreasing the number of System Security Plans (SSPs) from over 200 to less than 20, significantly reducing the cost and schedule. This approach focused on identifying specific security boundary requirements based on mission threads, security domains, and data flows, rather than components of a system. We were able to take a project that had been going through the C&A process for years, verify and validate system level components, evaluate the system status, identify and document a repeatable plan forward, and complete the project in 3 months. Our ability to work as a trusted agent and the quality of work was recognized at the DNI level and saved the Government significant money and time.

We have successfully provided the full-breadth of IV&V, evaluation, and testing services on the highest priority systems in support of the customer’s extended enterprise across multiple projects. This support included conducting IV&V at distributed sites world-wide. We have experience working with Federal Agencies, Military Commands, and major Industrial Clients, and this extended enterprise experience (processes and lessons learned) will be brought to DHS through EAGLE II. We conducted a number of multi-agency IV&V assessments across the Intelligence Community.

This experience and the lessons learned by implementing these processes and methodologies have been refined over multiple projects and are documented for implementation under EAGLE II. This will ensure that we are able to replicate our success reducing risks, conducting IV&V, streamlining processes, and ensuring the capabilities delivered operate as required in a fully-compliant and secure manner.

Enterprise Data Center

During 2009, we overcame several seemingly insurmountable barriers to QRC deployments of end-to-end systems, employing new technologies such as cloud computing and advanced virtualization technologies to collapse the end-to-end system integration testing into a single lab facility. This successfully emulated the global network, including virtualized satellite and other latencies, to provide efficient and rapid identification of IV&V problems and testing of solutions.

We received a Special Achievement award for outstanding contributions to the Wireless Local Area Network (LAN) Prototype technology demonstration at the National Security Agency. The Wireless LAN Prototype was the customer’s first ever design, development, and IV&V effort centered on secure wireless while leveraging 100% COTS technology. This effort, due to the security requirements, required the independent verification, validation, and evaluation of vendor security claims and updates/patches. This process included: the documentation of system requirements; the identification of performance parameters; the development of test plans, documented testing, configuration management; and the implementation of fixes/changes ensuring a fully compliant and operational system. We created an innovative, independent and product-agnostic view of network security and system design that was critical to the success of this effort. By leveraging past experiences, lessons learned, industry best practices, and expertise, we were able to quickly and efficiently bring to bear the resources required to support the client’s successful implementation of a “first-ever fully-classified wireless LAN prototype”.

The experience gained on this highly successful project has been documented in a concise methodology for emulating a global network with the associated approaches for performing IV&V across a heterogeneous environment. This methodology will be brought to DHS along with the other proven methodologies. We are sought out regularly for our expertise in leading the development, engineering, testing, IV&V, and deployment of mission critical systems and components in highly classified and dynamic situations. As with this effort, we have a record of documented accomplishments, ensuring that the required capabilities are delivered, independently verified, and deployed in a timely and efficient manner.