(Determine: To continue, update (Tech refresh, P3I) or end the Systems Development Lifecycle needs for the (ISM))

Review

• FAA FAST AMS Lifecycle Phases and Decisions guidance website:
  • In-Service Management (ISM)
• FAA FAST ISS Flow Chart of the ISM section.
• The ISSP for the system assessed.
• OMB Exhibit 300, Attachment 1, 2, & 3.

Update

• ISS section of the Final Requirement Document (fPR).
• Vulnerability and risk assessment for the Security Risk Assessment (SRA).
• SCAP with your Service Unit/Service Area Certification Team Lead.
  • Verify if recertification is required.

Generate

• Technology refresh and/or upgrade of the system assessed.
  • Prepare for Technology Refresh and Upgrade Planning (p)
  • NIST SP 800-64, “Security Considerations in the Information System Development Life Cycle”
• For disposal of the system.
  1. Follow ISSP
  2. Archive information
  3. Sanitize media
  4. Dispose of hardware and software.

Obtain

• DAA signature(s) of Certification and Authorization package (SCAP).
  • Service Unit/Service Area Certification Team Lead and ISSO.
  • ATO Designated Approving Authority (DAA), Information System Security Certifier (ISSC), and Information System Security Manager (ISSM).

Deliverables

1. Updated OMB Exhibit 300, Attachment 1, 2, & 3
   • ISS section of the Final Requirement Document (fPR).
2. Updated Security vulnerability and threat assessment for the SRA.
3. Updated SCAP documents.
4. DAA signature(s) of the SCAP documents.

End ISM for Systems Engineering Milestones: TRA & AMS Phase: ISM