System complexity, aggressive schedules, and limited resources are risks a program must overcome in order to properly implement and maintain system security configuration controls during development, integration, fielding, and operations. Vulnerabilities caused by inadequate system security configurations create opportunities for adversaries to successfully conduct cyber attacks on systems. A driving factor contributing to this challenge is the lack of efficient methods for verifying the system security configurations comply with the security requirements. Identifying and reporting vulnerabilities in a timely manner are critical for effectively mitigating identified risks. Automated test tools exist for assisting in the process, but many conduct generic test inspections and are not tailored to verify the specific security policies and requirements established for the system.

This paper describes a process used by the Combat Air Force (CAF) Distributed Mission Operations Network (DMON) Cross Domain Solution team to effectively identify and mitigate security vulnerabilities during system development, integration, and deployment. The process leveraged automated tools and an associated strategy to streamline the Information Assurance testing effort and increase the cyber security posture of the DMON Cross Domain Solution. The paper addresses process enhancements implemented to establish and sustain a high level of security assurance required in the warfighter's integrated live, virtual, constructive training environments.