Defense Logistics Agency (DLA)-Energy // Bulk Petroleum Common Operating Picture (BPCOP)
BPCOP is a web-based application that provides worldwide visibility of energy assets. The BPCOP project included information assurance (IA) and cybersecurity requirements so that the application could protect classified, proprietary, and user-sensitive information on both the Non-Secure Internet Protocol Router Network (NIPRNet) and Secure Internet Protocol Router Network (SIPRNet) servers. Our cybersecurity services included:
- Risk Management Framework (RMF): BPCOP followed the Department of Defense’s (DoD) RMF process in accordance with the overarching DLA and DoD Issuance (DoDI) 8500.1 and 8510.01 standards.
- Continuous monitoring: We ran monthly Assured Compliance Assessment Solution (ACAS) scans and reviewed the results for any Category (CAT) 1, 2, and/or 3 vulnerabilities. Our team continuously monitored Defense Information Systems Agency (DISA) hardware and server software, including operating systems and Application Security and Development (ASD) Security Technical Implementation Guides (STIGs) checklists. We also ensured BPCOP had all current STIGs applied.
- Incident response: Our IA Team worked with BPCOP System Administrators (SAs) and developers to close all CAT 1 and 2 vulnerabilities and develop a Plan of Action and Milestones (POA&M) for CAT 3 vulnerabilities with detailed documentation, milestones, and resolution monitoring. We also developed a POA&M for non-compliant IA controls and ensured that system weaknesses were corrected and approved by DLA’s Information System Security Officer (ISSO) and Information System Security Manager (ISSM).
PioneerTech has successfully provided IA and certification and accreditation (C&A) for the BPCOP Non-Secure Internet Protocol Router (NIPR) and Secure Internet Protocol Router (SIPR) program with an authority to operate (ATO) using the DLA IA Vulnerability Management System (VMS) and Enterprise Mission Assurance Support Services (eMASS) toolsets. Our IA and BPCOP subject matter expert (SME) worked with the DLA J61 ISSO and ISSM to test and validate more than 300 IA controls listed within DLA’s eMASS tool. We developed a POA&M for non-compliant IA controls and ensured that system weaknesses were corrected and approved by DLA’s ISSO and ISSM.