AMS Lifecycle Phase: In-Service Management >>> Technology Refresh Assessment (TRA)

Description

In this phase, systems are in place and operating, enhancements and/or modifications to the system are developed and tested and hardware and/or software is added or replaced. The system should be monitored for continued performance in accordance with user requirements, and needed system modifications are incorporated. The operational system needs to be periodically assessed to determine that the system is maintaining an acceptable level of security control. Operations can continue as long as the system can be effectively adapted to respond to the FAA's needs. Managing the configuration of the system and providing for a process of continuous monitoring are two key elements of information security at this phase.

Tasks

• Recertify the system as prescribed in the Information Systems Security Program Implementation Guide (SCAP) depending on the level of impact to the NAS or non-NAS systems
• Continue to monitor the configuration of the system
• Test new hardware and software for security vulnerabilities before inserting it into the operational system
• Review the system requirements to ensure they still meet the users' needs

Resources

• NIST Special Publication 800-64, Security Considerations in the Information System Development Life Cycle
• ATO — Information Systems Security Program Implementation Guide (SCAP)