Defense Health Treatment Facilities RMF, Cyber, and IT Support

Cybersecurity and Risk Management Framework (RMF) Support at DHA Medical Treatment Facilities.

cyDaptiv Solutions is a trusted partner in delivering comprehensive cybersecurity and RMF support services at numerous MTFs globally, including the following:

  • Brian D. Allgood Army Community Hospital (BDAACH), Camp Humphreys, South Korea
  • General Leonard Wood Army Community Hospital (GLWCH), Ft Leonard Wood, Missouri
  • William Beaumont Army Medical Center (WBAMC) Replacement Hospital, Ft Bliss, Texas
  • S. Army Medical Research Acquisition Activity (USAMRAA), Ft. Detrick, MD
  • Walter Reed National Military Medical Center Addition, Bethesda, Maryland

Key Activities and Expertise

Assessment and Authorization (A&A) support for 200+ systems ranging from complex security management systems to high-end medical devices, facility related control systems, and closed-network platform IT systems across multiple facility construction and retrofitting projects.

Documentation development for each Authorization Package including network boundary diagrams, PPSM, HW/SW inventories, Categorization memos, Privacy Assessment, POA&Ms, Security Plans, and all other required artifacts to support favorable authorization decisions.

Coordination of the A&A process via eMASS and direct interactions with the Authorizing Officials.

IT Support activities include Database Administration, Systems and Network Engineering and Administration, and IT Procurement Support.

Our team ensures robust cybersecurity measures across all systems by conducting thorough Information Assurance (IA) discovery and maintaining compliance tracking. We review IAVA and STIG applicability and update IA-related documentation and artifacts. Our team provides critical security engineering assistance, offering recommendations for RMF information types and system categorization. We assist in selecting security controls based on system impact levels, ensuring compliance with DoD, DHA, and NIST guidelines.

RMF Package Development and Coordination

  • Developing RMF packages and coordinating system scans and remediation activities with IMD teams and vendors.
  • Collaborating with DHA Cyber Security leadership for system authorization approaches.
  • Managing cybersecurity projects and reporting.

Cybersecurity Assessments

  • Conducting detailed cybersecurity assessments of all systems, including FRCS, Medical Devices, clinical, and enterprise IT systems..
  • Evaluating Privacy and HIPAA compliance, data sensitivity, security configurations, and procedural processes.
  • Providing recommendations for remediating identified security weaknesses.

Facility Related Control Systems (FRCS)

  • Evaluating systems such as Electronic Security Systems, Building Automation Systems, and Nurse Call Systems.
  • Validating as-built network drawings by tracing network and serial cables within datacenters and server rooms.
  • Building detailed profiles of installed software, hardware, network inventories, and security vulnerabilities.
  • Creating comprehensive systems interface matrices to manage interconnections between medical systems, EHR, and PACS.

Network and IT Systems Monitoring

  • Continuous monitoring and vulnerability assessments of networked and standalone medical systems.
  • Utilizing advanced tools like ACAS, SCAP, and STIG for efficient security posture monitoring and vulnerability remediation.

Privacy and Security Compliance

  • Conducting privacy risk assessments and ensuring HIPAA compliance.
  • Developing privacy plans and implementing security controls to protect PII and PHI.
    Assisting the Privacy Officer in completing Privacy Impact Analyses (PIAs).

Project Management and Continuous Improvement

cyDaptiv Solutions excels in IT project management, utilizing tools such as Microsoft Project, Jira, SharePoint, and Microsoft Excel to manage tasks, people, and milestones. Our integrated project management framework includes risk management, configuration management, and quality assurance processes, tailored to meet customer program requirements, cost constraints, schedules, and quality expectations.

Our commitment to continuous improvement and collaboration is evident in our maintenance of an Information Assurance Compliance Tracker, which annotates system status and pending actions. We work closely with DHA Cyber Program stakeholders to aggregate system ATO statuses and present data to leadership for informed decision-making.

At cyDaptiv Solutions, we are dedicated to delivering superior cybersecurity support services that safeguard critical medical and administrative systems. Our comprehensive approach to RMF, system assessments, privacy protection, and project management underscores our commitment to excellence, ensuring the highest levels of security and compliance for our DHA and MTF partners.