Today, RAPS has been used to help accredit dozens of systems for tactical communications, command and control, and mission planning at Navy commands in both classified and unclassified settings. The tool is portable, intuitive, and user-friendly. RAPS walks practitioners through the RMF process step by step, much like the apps found on popular tax-filing websites.
RAPS automations support many communities of RMF practitioners, including:
- Information system security engineers (ISSE) for artifact and package generation
- Package submitting officers (PSO) for package review
- Navy qualified validators (NQV) for validation testing
- Security control assessors (SCA) for NQV risk assessment reviews
- Navy authorizing official (NAO) cyber security analysts (CSA) for package processing, standardization, and approval
In addition, RAPS currently delivers six compiled or individual reports that fully comply with Office of the Chief of Naval Operations requirements:
- Plan of actions and milestones (POA&M)
- Hardware list
- Software list (Windows)
- Software list (Linux)
- Ports, protocols, and services management (PPSM)
- Test plans
Navy programs employing RAPS began seeing benefits immediately. Manual tasks like data entry, report generation, and data analysis that previously took days or weeks were now accomplished in minutes, while substantially reducing the risk of error.
Consider, for example, the RAPS bot that helps automate the task of generating a POA&M report. The bot compiles test data for a given system onto a spreadsheet to identify instances of non-compliance with security controls. With one Navy system, the POA&M bot processed 3,500 test results and generated a report in 2 minutes. Compare that to the 32 hours it typically takes to do the work manually. In government offices with several hundred systems, that translates to thousands of hours of staff time saved annually.
Another RAPS bot helps automate the Navy’s CYBERSAFE cybersecurity process to verify that the security features of one system do not inadvertently impair the security of other connected systems. In one case, RAPS evaluated a new relay node on a tactical communications system and added 109 CYBERSAFE security controls in about 2 minutes. Without RAPS, adding those controls manually would have taken up to 4 hours.
Among the features that distinguish RAPS from other RMF process-automation tools are its ease of use and its interoperability with other applications. In addition, its open architectures enable it to incorporate additional automation bots, regardless of who developed them. whether they are developed by Booz Allen or other companies. To continue Booz Allen’s always-on effort to innovate and automate, our team is working on a project to employ machine learning and natural language processing to improve the creation of risk-mitigation statements.