Defense Health Agency (DHA) Cybersecurity Assessment and Authorization Support
The Defense Health Agency (DHA) is a joint, integrated Combat Support Agency that enables the U.S. Army, U.S. Navy, and U.S. Air Force medical services to provide a medically ready force and ready medical force to Combatant Commands. The DHA supports the delivery of integrated, affordable, and high-quality health services to Military Health System (MHS) beneficiaries and is responsible for driving greater integration of clinical and business processes across the MHS.
The DHA Cybersecurity Assessment and Authorization Support task will assist in the project execution of Combat Support and Information Assurance (IA) services at locations throughout the Continental US (CONUS) and Outside the Continental US (OCONUS) areas. This includes support to all DOD Military Health Services sites, which vary in size from 1500 to over 60,000 server and workstation assets, and support as many as 430 Programs of Record Systems, as determined by the sponsor, of varying size, architecture and operating systems.
- Provide subject matter expertise to develop and review the plan to assess the security controls.
- Assess the security controls in accordance with the assessment procedures defined in the DHA security assessment plan.
- Prepare the security assessment report documenting the issues, findings, and recommendations from the security control assessment.
- Conduct initial remediation actions on security controls based on the findings and recommendations of the security assessment report and reassess remediated control(s), as appropriate.
- Assess a selected subset of the technical, management, and operational security controls employed within and inherited by information systems in accordance with the organization defined monitoring strategy.
- Provide assistance to system owner, enclave, or site personnel to complete required RMF documentation, addressing Independent Validation and Verification (IV&V) results and assisting enclave personnel in preparing all types of RMF Authorization for review by the Validator, Security Control Assessor (Representative)(SCA(R)), or the Authorizing Official (AO).
- Review Security Design documentation to ensure comprehensive security requirements and compliance with DoD and Federal requirements and guidelines.
- Review and provide input on physical, application and networking security policies, procedures and practices.
Education:
- Technical Training in Information Assurance, Information Technology, Medical Systems, Network Design, Strategic Planning, and/or HIPAA law.
- Fifteen years (15) of hands-on experience with Information Technology to include three of the following areas: Systems Requirements, project management and strategic planning, HIPAA requirements, Medical Systems, Operational Requirements, Enterprise Strategic Planning and operations, Unix/Linux system software, Test & Evaluation, and Training.
- Recognized expert who has demonstrated industry and public service leadership in one or more of: medical systems; advanced system architecture; information assurance; hardware technologies; digital/analog communications technologies; applied physics; human factors engineering; computer simulation; electronic sensor technologies; and ERP.
- Demonstrated experience in at least two of the following areas: Ability to plan and organize work and interact with technical and non-technical personnel translating user requirements into responsive applications.
- Demonstrated detailed knowledge of IA concepts and requirements.
- Demonstrated comprehensive knowledge of DOD military specifications and standards.
- System design integration planning for multiple large-scale installations. Hardware and software evaluation.
- System Test and Evaluation: planning, execution and management.
- System requirements planning and oversight.
- Technical development product milestone scheduling.
- Understanding of FISMA and HIPAA IA requirements.
- Active Secret Clearance
- IAT/IAM Accreditation within 6 months of assignment as well as Security+ Certification