Military Health System (MHS)
Information Assurance Services

Policies and Procedures Compliance Information Assurance Support Security Testing, Verification &Validation Risk Analysis & Vulnerability Assessment

Download Project Sheet PDF (146K) Information Assurance Services

Project Overview
The TRICARE Management Activity (TMA), a field activity for the Office of the Assistant Secretary of Defense for Health Affairs, manages programs that provide quality health care to military beneficiaries. Within the TMA, the Technology Management, Integration, and Standards (TMI&S) directorate is charged with the review, coordination, development, and implementation of the MHS enterprise-wide technical architecture. It is charged with ensuring the standardization and interoperability of automated information systems (AISs) implemented to support of the MHS.

TMI&S is responsible for maintaining the MHS information infrastructure and establishing policies, standards, and procedures for integration, interoperability and data sharing. TMI&S also serves as the MHS Information Assurance focal point. It establishes security policies, standards, and procedures and delivers AIS IA certification accreditation services.

PSI Services
PSI delivered technical assistance in support of the MHS Automated Information Systems / Network IA Program to include: conducting technical security reviews, providing support for resolving technical security issues, and monitoring the development and implementation of systems in accordance with DoD, Military Services, and MHS IA policy and standards.

PSI monitored and reported on security alerts and bulletins issued by various vendors such as Microsoft, Oracle, and Informix. In the event that operating system and database vulnerability alerts applied to the components of the MHS, PSI updated a security vulnerability document that was distributed to the entire MHS via each Service Manager. We also used the Vulnerability Management System (VMS) - developed by the DISA - that notified registered users of Information Assurance Vulnerability Alerts (IAVA's). The VMS was utilized to ensure that all MHS software was maintained up to current version and patch levels.

PSI developed DoD Information Technology Security Certification and Accreditation Process (DITSCAP) documentation. The various products or activities supported by PSI included: Security Risk Analysis Reports, Security Test and Evaluation (ST&E) Reports, ST&E Plans, C&A recommendations, Test Readiness Reviews, DITSCAP memo packages for Designated Approval Authorities (DAAs) and Penetration and Vulnerability Analyses.

Copyright 2007 Planned Systems International. All Rights Reserved.
Legal Information | Privacy Policy