Upon assuming support of a DoD IT support task order, the SMS team recognized that the centralized processes for management, enforcement, and operation lacked cybersecurity requirements. Processes appeared to be circumvented in order to expedite customer service requests. The potential for harm to both the organizational mission and the government agency was high, with security infractions already widespread.
The goal was to work with a federal government customer on recognizing their agency’s cybersecurity challenges, and to restructure an IT support task order to meet existing requirements as well as resolve cybersecurity challenges. Organizational changes could not affect customer service expectations.
After initialization of the task order, SMS and the government customer completed a review of general operations. We determined we needed to change the service structure of the department by splitting it into two groups, one focusing on IT support services, and the other specifically geared towards cybersecurity. Support staff were then divided between the groups to provide the necessary expertise and resources for both missions. SMS placed subject matter experts in positions to provide direct oversight for each group. They directed the rebuilding of the applicable programs and established the process controls necessary to prevent the circumvention of cybersecurity needs and requirements while also allowing efficient customer service. These steps provided the control mechanisms needed to reintegrate the required government standards, guidelines, policies, and procedures. They also increased communications with the government customer and end users, and minimized reporting gaps.
Splitting the team into two groups created a more mission-centric approach for each by providing detailed focus and training for each supported service. The change in mission parameters brought a large number of security infractions to light, and the redefined focus allowed for the quick identification and resolution of each infraction. The two groups now work jointly to provide the checks and balances required to ensure a safe and secure computing environment.