Architecture and Engineering Services
Cybernet experts develop your design build projects
Cybernet Systems provides services in three areas of the overarching category of Architecture & Engineering Cybersecurity Services (A&E) to assist government agencies in obtaining and maintaining cybersecurity compliance and Authorizations to Operate (ATOs): Design-Build Request for Proposals, Design-Bid-Build projects, and Design-Build projects.
The ultimate purpose of the work is to clearly define the cybersecurity requirements and process in order to allow the Government to obtain an Authorization to Operate (ATO) for the Facility-Related Control Systems (FRCS) prior to the Beneficial Occupancy Date (BOD) of the facility. Cybernet has aided our clients in obtaining over 60 ATOs using the Risk Management Framework (RMF).
Where do you start?
Just as government agencies build their physical infrastructure, they also must consider the importance of their cybersecurity infrastructure. Design Build Requests for Proposal (BD-RFP) language must be clear, concise, and meet the objectives of the project. A wide variety of our clients have benefited from Cybernet’s Risk Management Framework (RMF) experts.
The Cybernet team:
Develops the language for the RFP
- Sets up the overarching requirements for the cybersecurity design*
Includes general cybersecurity requirements, facility requirements, and source reference documents.
*May include some cybersecurity infrastructure design.
Who Does Cybernet Work With?
Cybernet works closely with the Design Builder, the Government and associated agencies, the vendors, and the site Information Systems Security Officer/Manager (ISSO/ISSM) as well as current UFC, UFGS, and other relevant standards to work through the needed process to acquire the information and content to include into the RFP.
Finding Your Right Solution
The Design Build-RFP 0%-50% Solution
This stage of the RFP speaks to general requirements for cybersecurity.
- Notable documents to be used as reference
- A process for Government acceptance of cybersecurity documents, scanning, assessment, and hardening of systems
- The process for attaining an Authority to Connect (ATC) if needed for systems
RMF process and the documents to be generated for an ATO or ATC, best practices, and allowable hardware and software per current Government oversight.
The individual FRCS are given initial Confidentiality, Integrity, and Availability (CIA) impact ratings at this time and included in the RFP.
In some cases, Cybernet will also perform a 35% Design solution (which varies with project needs) as part of DB-RFP efforts
*More information on the 35% Design Services is in the DBB section. Design services typically do not exceed 35% on these project types.
The Design Build-RFP 50%-100% Solution
At this point, the RFP offers more specific requirements that include:
- Individual FRCS are added, citing procedure, process, reference documents, and any additional information required by the Government.
Language and content are adjusted, added, or removed as required through review with the Government.
Typically, there is no further design as part of the project, but design can be added as needed for any project.
It’s Time to Design
Working closely with the designer, the government, associated agencies, and the site ISSO/ISSM, Cybernet facilitates the process to acquire information needed for Design-Bid-Build (DBB) Project stages.
The Cybernet team:
- Facilitates information development for cybersecurity infrastructure with stakeholders and subject matter experts
Defines required security protocols and documentation for system protection
- Supports design – beginning through completion.
Follows Unified Facilities Criteria and other government requirements.
Design-Bid-Build stages follow the guidance set forth in the Unified Facilities Criteria (UFC) 4-010-06. Cybernet breaks the stages of design into multiple stages, fully customizable to the project:
- 20%, 35%
- Revised 35%, 65%, 100%
100% and Corrected Final deliverables.
The deliverables in these incremental stages map onto the UFC 4-010-06. These stages and their content can be customized to fit the project.
Your trust partner in design build
Cybernet professionals are your trusted partners from foundational design to construction to assessments in your Design Build (BD) projects.
The Cybernet team:
Supports cybersecurity design from foundation through construction and assessment
- Defines and develops security criteria
- Delivers all required documentation for compliance
- Conducts all required assessments
The DB project timeline follows much the same track as the DBB projects do, however, there is also additional RMF documentation that is required as set forth in the Division 25 specifications in the 65% design stage. There is also additional RMF documentation required in the construction and outfitting stage, as well as assessment activities.
The final stage
Cybernet assists with every aspect of the final process. Cybernet conducts both automated ACAS and SCAP assessments of the FRCS, as well as manual assessment when the FRCS cannot be assessed through an automated scanner. Reports of vulnerabilities that are discovered are shared with vendors, allowing them to harden their systems.
This process is typically repeated multiple times to ensure the FRCS have been hardened to requirements and all documentation has been submitted for the RMF ATO process.
Partners and Past Performance
Cybernet has supported and continues to support DoD and government agencies to ensure the government’s, system owner’s and facility cybersecurity requirements are compliant.
- Navy NAVFAC SE, SW, NW, NE, Mid-Atlantic
- Defense Health Agency
- Medical Facilities Program Office (MFPO)
- Naval Information Warfare Center (NIWC)
- Marine Corps
- Veterans Affairs (VA/the VA)
- Government agencies to ensure the Government’s, System Owner’s, and facility cybersecurity requirements are compliant.
- NAVFAC PAC
- NAVFAC MARIANAS