SlideShare a Scribd company logo

LOW CODE NO CODE PLATFORM Agile Developm

Download as PPTX, PDF
K
KnowledgeRepositoryK

Low-Code Application Platform (LCAP) OutSystems: A robust low-code platform that supports rapid application development and deployment. Mendix: Another powerful low-code platform that offers extensive integration capabilities and supports agile development. 2. Agile Development Tools Jira: For task tracking, backlog management, and sprint planning. Confluence: For documentation and collaboration. GitLab CI/CD: For automating build, test, and deployment workflows. Selenium: For automated functional testing. JUnit: For unit testing. SonarQube: For code quality analysis. OWASP ZAP: For security scanning.

Technology
1 of 23
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
VESSEL INCIDENTAL DISCHARGE ACT (VIDA) DATA MANAGEMENT SYSTEM
Background ● VIDA Law Enacted: Signed into law on December 4, 2018, the Vessel Incidental Discharge Act (VIDA) revises how the EPA and USCG regulate incidental discharges from commercial vessels. ● Amendment to Clean Water Act: VIDA adds Section 312(p), establishing uniform national standards for vessel discharges. ● EPA & USCG Responsibilities: ○ EPA must develop national discharge standards. ○ USCG must implement and enforce regulations within two years of EPA's final rule publication (issued in 2024). ● State Coordination: VIDA mandates coordination with states, including data sharing for enforcement purposes. ● Regulatory Streamlining: Aims to unify disparate federal, state, and local vessel discharge requirements. ● USCG System Requirement: ○ VIDA requires a dynamic, online data management system (VIDA DMS) for federal, state, and industry stakeholder use. ○ The system must support compliance, enforcement, and information sharing. ● Key System Capabilities: ○ Receive continuous multi-source input. ○ Analyze/validate data using compliance criteria. ○ Act as an information repository. ○ Provide real-time analytical reporting. ○ Enable 24/7 access to VIDA-related data. ● Current Gap: No active system exists; VIDA DMS will fill this void using a COTS Low-Code Application Platform (LCAP). ● Deployment Deadline: Minimum Viable Capability Release (MVCR) of VIDA DMS must be operational by July 31, 2026.
Scope Objective: Deliver IT services for the full lifecycle of a cloud-based COTS Low-Code Application Platform (LCAP) to support the VIDA Data Management System (DMS). Key Responsibilities: ● Platform selection, design, development, and implementation. ● Configuration, operation, sustainment, and optimization of the solution. ● Ongoing adaptation to meet operational, functional, system, and security requirements. Lifecycle Support Includes: ● Planning, analysis, user support, and continuous refinement. ● OEM upgrades, security audit mitigation, compliance with evolving cybersecurity requirements. ● Technical refreshes, enhancements, service requests, and potential organizational transitions. Development Approach: All services will follow Agile practices, covering: ● Story development and backlog management. ● Software and interface development. ● Database development and testing.
2.7.1 Agile Development Capability- Summary - I ● All services must follow Agile practices (e.g., story development, backlog management, testing, integration). ● Support includes: a. Interfacing with external systems and data sources. b. Establishing databases and services. c. ATO support, firewall configuration, CGOne integration. ● Contractor must: a. Operate an Agile capability per C5ISC Configuration & Change Management Policy (M4130.1). b. Apply continuous adaptation, iterative development, and collaboration with stakeholders. c. Support all phases: planning, development, testing, bug fixes, documentation. d. Provide staff, methodology, and process for Agile dev, testing, security, release, and O&M. e. Deliver Sprint Progress Reports (e.g., velocity, story points, defects, risk matrix). 1.1.1 Design and Development ● Follow USCG standards (M4130.1) and use non-proprietary tools (with Govt. approval). ● Integrate with HERMN (USCG Software Factory) for build and deployment. ● Use USCG Jira for task tracking. ● Support continuous backlog grooming and respond to priorities set by PLPM. ● Convert service/help tickets (CGFIXIT) to PBIs with sprint estimates for Govt. review.
2.7.1 Agile Development Capability - Summary - II 1.1.1 Requirements and Design Engineering ● Apply systems engineering to gather, validate, and manage stakeholder requirements. ● Transform baselined requirements into detailed system designs. ● Support design of architecture and manage DEVSECOPS platforms (including containers and COTS LCAP). ● Use C5I BEARS for defining/documenting system, functional, and security requirements. 1.1.2 Testing and Documentation ● Conduct all test types (unit, functional, integration, acceptance) per M4130.1. ● Provide test results linked to user story acceptance criteria. ● Release only fully tested software with Government approval. ● Support creation of lean documentation and maintain a dynamic documentation repository. ● Store all artifacts in Government-approved repositories. 1.1.3 Integration and Test Strategy ● Ensure all requirements are verifiable and traceable through development and testing. ● Maintain: ○ TEMP, test case specs, and system acceptance procedures/reports. ● Demonstrate traceability of test results to documented requirements. ● Conduct security testing to validate fulfillment of system security requirements. ● Develop a strategy for 100% automated testing to enhance standardization and reduce manual effort.
2.7.1 Agile Development Capability - Approach - I ● Establish and maintain an Agile delivery framework using the Scaled Agile Framework (SAFe) to guide iterative development, ensure stakeholder alignment, and deliver continuous value. ● Use Jira (USCG Enterprise instance) integrated with Confluence to manage: ○ Backlogs, Epics, Stories, and Tasks ○ Sprint planning and tracking ○ Team collaboration and documentation ● Leverage GitLab CI/CD pipelines integrated with HERMN (High Efficiency Rapid Modernization Network) to: ○ Automate build, test, and deployment workflows ○ Ensure secure code compilation and containerization ○ Support DevSecOps and compliance with USCG policies ● Implement continuous testing and quality control using: ○ Selenium and JUnit for automated functional and unit testing ○ SonarQube for code quality analysis ○ OWASP ZAP and Fortify for security scanning ● Conduct Agile ceremonies including: ○ Daily stand-ups, Sprint Planning, Retrospectives, and Backlog Grooming ○ Sprint Reviews with USCG Product Owner to ensure alignment on deliverables ● Convert service/help tickets from CGFIXIT into PBIs with story points and Sprint estimates using a standardized intake and triage process managed in Jira ● Develop and maintain lean, traceable documentation using: ○ Markdown-based repositories in GitLab or Confluence ○ Linked to Jira tickets for continuous synchronization
2.7.1 Agile Development Capability - Approach - II ● Facilitate stakeholder collaboration and requirements capture using: ○ Miro and Lucidchart for process flows and system design visualization ○ C5I BEARS to document, manage, and track requirements and system specifications ● Use SysML or Sparx EA for model-based systems engineering and design validation ● Maintain architectural documentation and system baselines in Git-based repositories and align with C5I EA standards ● Define and document system-level and security requirements with explicit tagging and separation using custom fields and workflows in Jira and BEARS ● Create automated test plans and scripts in: ○ TestRail (integrated with Jira) ○ Postman and Newman for API testing ○ Cypress for end-to-end browser testing ● Maintain a Test and Evaluation Master Plan (TEMP) and version-controlled test artifacts in GitLab and Confluence ● Store all documentation, including test results, in centralized, searchable repositories approved by the USCG (e.g., SharePoint, GitLab Wikis) ● Ensure traceability from requirements → design → implementation → test using Jira Traceability Matrix and linked Confluence documentation ● Utilize container orchestration and DEVSECOPS practices with: ○ Kubernetes, Docker, and OpenShift (Gov-approved platforms) ○ Integrate security scans via Aqua Security, Anchore, or Clair
2.7.1 Agile Development Capability - Approach - II ● Perform continuous integration, security testing, and deployment using: ○ GitLab CI, SonarQube, Fortify, and Nessus ○ Secure pipelines that validate code, containers, and infrastructure-as-code (IaC) ● Maintain 100% automated testing coverage roadmap: ○ Prioritize test automation using Cucumber and Selenium Grid ○ Maintain versioned automated test scripts for all critical business flows ● Generate Sprint Progress Reports via: ○ Jira dashboards and burndown charts ○ Velocity tracking and release planning reports shared via Confluence and MS Teams ● Provide real-time visibility into risk, defect, and deployment status via: ○ Power BI dashboards or Jira Advanced Roadmaps ● Collaborate continuously with USCG stakeholders using: ○ Microsoft Teams and Zoom for Sprint ceremonies and working sessions ○ SharePoint for document sharing and formal deliverables
1.2 IMPLEMENTATION - Summary ● Contractor must execute a Government-approved implementation strategy to: ○ Prepare systems, environments, organizations, and users. ○ Ensure solution meets mission and operational requirements. ● Strategy must address: ○ Environment preparation and production deployment. ○ Data extraction, transformation, and loading (ETL) into production. ○ Coordination of changes to implementation processes. ○ Training delivery for end users and stakeholders. ○ Creation of Version Description Documents (VDD). ○ Development of transition and supporting documentation. ● Contractor shall develop and maintain full System Documentation for VIDA DMS.
1.2 IMPLEMENTATION - Approach - I ● Execute a Government-approved implementation strategy aligned with Agile and DevSecOps principles to ensure seamless deployment of VIDA DMS capabilities into the operational environment. ● Prepare environments for deployment by: a. Coordinating with USCG infrastructure teams to provision and validate development, staging, and production environments b. Using Infrastructure as Code (IaC) with Terraform and Ansible to configure environments consistently and securely c. Automating environment validation with Selenium and Postman test scripts ● Deploy solutions into production using: a. GitLab CI/CD pipelines integrated with USCG’s HERMN environment b. Blue-Green or Canary deployments to minimize service disruption c. Rollback and contingency plans managed through Git version control and deployment scripts ● Perform ETL operations (Extraction, Transformation, Load) using: a. Apache NiFi, Talend, or custom Python scripts to extract legacy data, transform formats, and load into VIDA DMS b. Validate data integrity using automated data verification scripts and SQL-based checks ● Coordinate changes to implementation processes by: a. Using Jira Change Management workflows to track implementation tickets and approvals b. Holding Change Control Board (CCB) meetings as needed to assess impacts and risks ● Conduct user and administrator training through: a. Instructor-led sessions using Microsoft Teams and recorded modules via Articulate 360 or Adobe Captivate b. Developing user manuals and quick-reference guides hosted in Confluence or SharePoint c. Tracking training completion via learning management tools or integrated Jira/Confluence dashboards
1.2 IMPLEMENTATION - Approach - II ● Develop and maintain a Version Description Document (VDD) that includes: a. Deployment history, configuration changes, known issues, and rollback instructions b. Stored and version-controlled in GitLab or Confluence ● Develop transition and supporting documentation such as: a. System Operations Manuals, User Guides, Interface Control Documents (ICDs), and Support Playbooks b. All documents aligned with USCG documentation standards and housed in SharePoint and Git repositories ● Develop and maintain system documentation for VIDA DMS by: a. Following Agile documentation practices (lightweight, continuously updated) b. Using Confluence, Markdown-based GitLab Wikis, and diagramming tools like Lucidchart or Draw.io c. Ensuring traceability between system documentation, requirements, and test cases ● Ensure implementation meets mission and operational needs by: a. Engaging end users in UAT cycles during each release b. Capturing and addressing feedback through Jira Service Desk and integrated feedback loops c. Aligning deployments with mission schedules and operational readiness requirements
1.3 OPERATIONS AND MAINTENANCE (O&M)/SUSTAINMENT - Summary - I Focus Areas: ● Operate and maintain VIDA DMS. ● Perform minor defect corrections and tech refreshes. ● Ensure compliance with current security standards. ● Conduct Sprint-based reviews. System Monitoring & Improvements: ● Monitor systems and identify problems. ● Recommend improvements for system capabilities and performance (subject to Government approval). Sustainment Services: ● Deliver Preventive, Corrective, and Adaptive Maintenance. ● Support all Service Requests across the full lifecycle of VIDA DMS. Operational Duties: ● Incident response and Sprint-based reviews. ● OEM upgrades in line with USCG CIO and Cyber Command policies. ● Maintain supported versions of IT products without altering system requirements.
1.3 OPERATIONS AND MAINTENANCE (O&M)/SUSTAINMENT - Summary - II System Maintenance Plan (SMP): ● Develop and maintain SMP using best practices (e.g., ISO/IEC 14764:2006). ● Include maintenance schedules, deliverables, and Service Level Agreement (SLA) targets. Support Capability: ● Address system issues and service requests effectively and efficiently. ● Include tasks like data/account requests, technical inquiries, and back-end support not accessible to users Work Item Complexity and Sprint Duration: ● Minor: 1–2 sprints. ● Moderate: 3–5 sprints. ● Major: >5 sprints. ● Default sprint = 1 month (COR approval needed for changes). Additional Requirements: ● Provide story point estimations for all work items. ● Deliver Root Cause Analysis (RCA) within 10 days of any outage resolution. ● Report key DevOps metrics: ○ Deployment Frequency (DF) ○ Lead Time for Changes (LT)
1.3 OPERATIONS AND MAINTENANCE (O&M)/SUSTAINMENT - Approach - I ● Operate and maintain VIDA DMS using a DevSecOps framework, with activities tracked and executed in Jira and aligned to Sprint cadences (1-month duration). ● Preventive, Corrective, and Adaptive Maintenance will be delivered via: a. Preventive: Scheduled health checks, patch management using WSUS, Red Hat Satellite, or equivalent b. Corrective: Bug fixes and incident response via Jira Service Desk, with root cause analysis performed using Elastic Stack (ELK) logs and Dynatrace c. Adaptive: Refactoring or system upgrades to accommodate evolving security standards or technology shifts, guided by ISO/IEC 14764:2006 principles ● Monitor system health and performance with: a. Nagios, Prometheus, and Grafana for real-time monitoring and visualization b. Alerting via PagerDuty or Opsgenie to ensure rapid incident response ● Manage Service Requests (SRs) using: a. Jira Service Management with automated triage, ticket prioritization based on severity/impact (Priority 1–5), and SLA tracking b. Fulfill SRs such as data refreshes, account creation, and backend data fixes requiring elevated access ● Sprint-based Sustainment Reviews: a. Conduct monthly Sprint reviews, retrospectives, and backlog grooming with Government stakeholders b. Use Confluence to document Sprint deliverables, retrospectives, and progress toward user stories ● Version and OEM upgrades: a. Track software and infrastructure component versions using a Configuration Management Database (CMDB) b. Schedule and execute vendor/OEM version upgrades using tools like SCCM, WSUS, or custom Ansible playbooks c. Ensure compliance with USCG CIO and CYBER Command version control policies
1.3 OPERATIONS AND MAINTENANCE (O&M)/SUSTAINMENT - Approach - II ● System Maintenance Plan (SMP) development and upkeep: a. Maintain the SMP in Confluence or SharePoint, incorporating SLA targets, patch schedules, upgrade cycles, and incident response procedures b. Align SMP content with ISO/IEC 14764:2006 standards for software lifecycle maintenance ● Root Cause Analysis (RCA): a. Conduct RCAs for all outages within 10 business days, using ELK Stack, Splunk, or Dynatrace data b. Include actionable recommendations in Confluence or RCA playbooks with executive-level summaries ● Compliance with C5ISC Configuration and Change Management Policy (M4130.1): a. Submit RFCs (Requests for Change) via Jira or ServiceNow workflows b. Obtain Government approval for all production changes via the Change Control Board (CCB) ● Key DevOps Metrics Reporting: a. Automate reporting for Deployment Frequency (DF), Lead Time for Changes (LT), Mean Time to Recovery (MTTR), and Change Failure Rate (CFR) using: i. Jenkins, GitLab CI, and Grafana dashboards ii. Custom integrations with Jira and Git repositories ● Story Point Estimation for Minor/Moderate/Major Complexity: a. Use Agile Planning Poker tools or Jira-based estimation to size work items: i. Minor: 1–2 Sprints (1–2 months) ii. Moderate: 3–5 Sprints (3–5 months) iii. Major: >5 Sprints (requires separate planning and approval) ● Ensure responsiveness and service levels by: a. Logging all tickets and requests in Jira Service Management
1.4 INFORMATION SECURITY - Summary - I ● Governance and Compliance: a. Adhere to DoD cybersecurity standards, policies, and directives per Appendix 5 (DoD–DHS MOA). b. Remain responsive to U.S. Cyber Command for Coast Guard-operated DoDIN systems and networks. c. Ensure compliance with: i. DHS oversight requirements ii. Federal Information Security Modernization Act (FISMA) iii. Acquisition and financial audit reporting ● Cybersecurity Requirements: a. All technical services and deliverables must comply with DoD, DHS, and USCG cybersecurity, information assurance, and cyberspace operations directives. b. Sustain a cybersecurity posture that protects the integrity, availability, authenticity, non-repudiation, and confidentiality of all information systems. ● System Security Engineering: a. Use NIST 800-160 series practices for secure system deployment and maintenance. b. Prevent degradation of Confidentiality, Integrity, Availability (CIA) through continuous engineering and validation. ● Collaboration and Lifecycle Security: a. Work closely with support service Contractors to apply cost-effective countermeasures across the system lifecycle. b. Support security collaboration across integrated C5ISC support contracts (Appendix 4).
1.4 INFORMATION SECURITY - Summary - II ● Security Documentation and Compliance: a. Maintain: i. Privacy Threshold Analysis (PTA) ii. Plan of Action and Milestones (POA&M) iii. FIPS-199 Security Categorization iv. System Security Plan v. Security Test & Evaluation (ST&E) Plan vi. Security Accreditation Package (SAP) vii. Security Traceability Matrix b. Ensure participation in independent audits and the Security Authorization Process (SAP). ● eMASS Support: a. Provide information for Government review within eMASS (Contractor has read-only access). b. Examples include: unimplementable security controls, POA&Ms, ATO documentation, and mitigation procedures. ● Security Bug/Deficiency Tracking: a. Maintain a centralized, searchable repository for all identified security bugs or deficiencies. ● Ports, Protocols, and Services (PPS) Review: a. Perform annual PPS reviews. b. Maintain compliance with DoDI 8551.01 and document within the DoD PPS Management System for VIDA DMS.
1.4 INFORMATION SECURITY - Approach - I Implement DoD/DHS/USCG Cybersecurity Compliance ● Our team ensures all deliverables align with DoD RMF (Risk Management Framework), DHS 4300A, and USCG Cyber Command directives. ● We use Secure Configuration Baselines (e.g., DISA STIGs) applied through Ansible or Puppet to enforce system hardening. Support Federal Compliance and Audit Requirements ● We support FISMA and financial audit reporting using Xacta or Archer GRC to track controls, POA&Ms, and audit readiness. ● Our cybersecurity SMEs map security controls to compliance frameworks via NIST SP 800-53 Rev. 5 in conjunction with eMASS templates. Employ Secure SDLC and System Security Engineering Practices ● Incorporate NIST SP 800-160 throughout the lifecycle using tools like Microsoft Threat Modeling Tool, OWASP Dependency-Check, and SonarQube to assess and mitigate vulnerabilities in design and code. ● Use Fortify, Checkmarx, or Veracode for secure code analysis during Sprint cycles. Centralized Vulnerability and Bug Tracking ● All identified security issues are tracked in a centralized Jira project with tagging and linkage to POA&M and release tickets. ● Integration with ServiceNow Security Operations (SecOps) enables streamlined remediation and incident tracking
1.4 INFORMATION SECURITY - Approach - II Support Security Documentation & Authorization Packages ● Develop and maintain artifacts including: ○ FIPS-199 Security Categorization ○ System Security Plan (SSP) ○ ST&E Plan ○ Security Traceability Matrix ○ ATO supporting documentation ● Documents are managed and versioned in SharePoint or Confluence with access control and change tracking. Collaborate on Independent Audits & SAP Activities ● Support internal and external audits with pre-assessment readiness reviews. ● Participate in audit walkthroughs and findings remediation using tools such as Planview or SmartSheets for audit tracking. eMASS Support (Read-Only Access) ● Our ISSO Support Team compiles and validates cybersecurity inputs (control implementations, POA&Ms, risk statements) in approved formats for upload by the Government into eMASS. ● Maintain a local master compliance tracker with traceability between implemented controls and supporting evidence.
1.4 INFORMATION SECURITY - Approach - III Annual Ports, Protocols, and Services (PPS) Reviews ● Perform annual PPSM reviews using DoD PPSM Registry and document all justifications and ports/services usage in Excel-based matrix approved by the USCG Cybersecurity Authority. ● Updates are coordinated with network and application teams through Microsoft Teams and SharePoint workflows. Continuous Security Monitoring & Reporting ● Integrate Splunk or Elastic Stack (ELK) for real-time log aggregation and security monitoring. ● Use Tenable Nessus, Qualys, or OpenVAS to conduct recurring vulnerability scans with reporting aligned to POA&M remediation. Incident Response and Threat Intelligence Collaboration ● Use ServiceNow SecOps or Jira to track and resolve incidents with severity-based SLA metrics. ● Subscribe to US-CERT and DoD Cyber Exchange for threat intelligence feeds and vulnerability bulletins.
1.5 USER TRAINING - Summary ● User Role-Based Training: a. Develop and deliver training for all users based on their specific roles within VIDA DMS. b. Ensure training covers all implemented capabilities of the system. ● Training Materials: a. Create and provide supporting training materials, including: i. User manuals ii. Training videos iii. Online help resources iv. Other instructional materials aligned with the training approach ● Training Plan: a. Develop and submit a comprehensive Training Plan that: i. Describes the training approach ii. Details the types of supporting materials iii. Outlines how and when training will be delivered ● Timeline for Deliverables: a. Draft training materials due one (1) week prior to User Acceptance Testing (UAT) b. Final training materials due one (1) week prior to production deployment
1.5 USER TRAINING - Approach - I Develop a Comprehensive Role-Based Training Plan ● Our team will create a Training Plan aligned with VIDA DMS user roles (e.g., end users, administrators, supervisors). ● The plan will detail training objectives, methods (instructor-led, self-paced, hybrid), timelines, and assessment strategies. ● We will use Microsoft Word or Confluence to draft and maintain the Training Plan, ensuring version control and collaboration. Design and Deliver Engaging Training Materials ● Materials will include: ○ User guides and quick reference cards (PDF/printable) ○ Step-by-step video tutorials (using Camtasia or Loom) ○ Interactive simulations or walkthroughs (via WalkMe or Whatfix) ○ Online help integrated into VIDA DMS (HTML-based FAQs and tooltips) ● Materials will be tailored per user role to ensure relevance and clarity. Deliver Timely Draft and Final Training Materials ● Initial drafts of all training materials will be submitted one week prior to User Acceptance Testing (UAT). ● Final versions will be delivered one week before Production deployment to support readiness and reduce adoption risk.
1.5 USER TRAINING - Approach - II Facilitate Live and On-Demand Training Sessions ● Conduct live, role-specific sessions via Microsoft Teams or Zoom, supported by interactive Q&A and live demos in a sandbox environment. ● Record all sessions and host them on SharePoint or a Learning Management System (LMS) such as TalentLMS for on- demand access. Measure Training Effectiveness ● Pre- and post-training quizzes and surveys will be administered using Microsoft Forms or Google Forms to evaluate knowledge transfer and gather user feedback. ● Feedback will be analyzed to make quick improvements to materials and delivery methods. Support Ongoing Training Needs Post-Deployment ● Maintain an up-to-date online knowledge base and FAQ repository in Confluence or SharePoint. ● Offer refresher sessions and “train-the-trainer” programs for in-house champions to continue supporting new users. Ensure Accessibility and Inclusivity ● All training content will comply with Section 508 and WCAG 2.1 standards, including closed captions for videos and screen- reader compatibility for documents. Coordinate with Stakeholders for Training Logistics

More Related Content

DOCX
CoreyCPayneOctober2016
Corey Payne
 
DOC
Srujana Unnam Microstrategy Profile
srujana unnam
 
PPTX
Replace that cracked junk! Gotta do them.
tobiasaldini37
 
PPTX
evalmyBRAND-SGN.pptx
DileepDileep30
 
PDF
Infrastructure as Code Maturity Model v1
Gary Stafford
 
DOC
NVReddy
Venkateswarareddy Nellore
 
DOC
NVReddy
Venkateswarareddy Nellore
 
PPTX
Arcadia overview nr2
EU ARCADIA PROJECT
 
CoreyCPayneOctober2016
Corey Payne
 
Srujana Unnam Microstrategy Profile
srujana unnam
 
Replace that cracked junk! Gotta do them.
tobiasaldini37
 
evalmyBRAND-SGN.pptx
DileepDileep30
 
Infrastructure as Code Maturity Model v1
Gary Stafford
 
NVReddy
Venkateswarareddy Nellore
 
NVReddy
Venkateswarareddy Nellore
 
Arcadia overview nr2
EU ARCADIA PROJECT
 

Similar to LOW CODE NO CODE PLATFORM Agile Developm (20)

PDF
Cloud Testing in 2025 - Know All About.pdf
kalichargn70th171
 
PPTX
Data Ops at TripActions
Rob Winters
 
PDF
Bryan Woodward - Resume - Software Development Manager
Bryan Woodward, PMP, PMI-ACP, A-CSM, CAL, CSPO, SA
 
PDF
Cloud Testing in 2025 - Know All About.pdf
flufftailshop
 
DOC
BVT_Swamy_Abap_4
BOGGARAPU VENKATA TRINADHA SWAMY
 
DOC
Amitabha Cv 15022010
Amitabha Banerjee
 
PPTX
GN42_SA2_JRA3 kick off_201612071234.pptx
WorldTrade3
 
DOC
Ignatius Prasad Guntupalli
Ignatius Prasad ( SC Cleared)
 
PDF
Cloud Testing in 2024 - Know All About.pdf
flufftailshop
 
PDF
Resume2015
David Youngworth
 
DOCX
VASU_VALLABHUNI_INFOSYS
Vasu VALLABHUNI
 
PPTX
SpiraPlan Overview Presentation (2022)
Inflectra
 
DOC
Joel Lucien Resume
Joel Lucien
 
DOC
Vinoth_Perumal_Datawarehousing
vinoth perumal
 
DOC
sagar
sagar k gowda
 
PDF
The Future of Application Modernization Service Strategies
Ella Maxwell
 
DOC
resume-ts-current- edit 02-08
Thomas Savard
 
PPTX
Business Case _ PM.pptx
vaibhavverma749167
 
PPTX
SpiraPlan Overview Presentation (2021)
Inflectra
 
PDF
Integrated Project Management and Analytical Reporting System.pdf
crdelmiro
 
Cloud Testing in 2025 - Know All About.pdf
kalichargn70th171
 
Data Ops at TripActions
Rob Winters
 
Bryan Woodward - Resume - Software Development Manager
Bryan Woodward, PMP, PMI-ACP, A-CSM, CAL, CSPO, SA
 
Cloud Testing in 2025 - Know All About.pdf
flufftailshop
 
BVT_Swamy_Abap_4
BOGGARAPU VENKATA TRINADHA SWAMY
 
Amitabha Cv 15022010
Amitabha Banerjee
 
GN42_SA2_JRA3 kick off_201612071234.pptx
WorldTrade3
 
Ignatius Prasad Guntupalli
Ignatius Prasad ( SC Cleared)
 
Cloud Testing in 2024 - Know All About.pdf
flufftailshop
 
Resume2015
David Youngworth
 
VASU_VALLABHUNI_INFOSYS
Vasu VALLABHUNI
 
SpiraPlan Overview Presentation (2022)
Inflectra
 
Joel Lucien Resume
Joel Lucien
 
Vinoth_Perumal_Datawarehousing
vinoth perumal
 
sagar
sagar k gowda
 
The Future of Application Modernization Service Strategies
Ella Maxwell
 
resume-ts-current- edit 02-08
Thomas Savard
 
Business Case _ PM.pptx
vaibhavverma749167
 
SpiraPlan Overview Presentation (2021)
Inflectra
 
Integrated Project Management and Analytical Reporting System.pdf
crdelmiro
 
Ad

Recently uploaded (20)

PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
A Presentation on Artificial Intelligence
memembruh336
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Ad

LOW CODE NO CODE PLATFORM Agile Developm

  • 1. VESSEL INCIDENTAL DISCHARGE ACT (VIDA) DATA MANAGEMENT SYSTEM
  • 2. Background ● VIDA Law Enacted: Signed into law on December 4, 2018, the Vessel Incidental Discharge Act (VIDA) revises how the EPA and USCG regulate incidental discharges from commercial vessels. ● Amendment to Clean Water Act: VIDA adds Section 312(p), establishing uniform national standards for vessel discharges. ● EPA & USCG Responsibilities: ○ EPA must develop national discharge standards. ○ USCG must implement and enforce regulations within two years of EPA's final rule publication (issued in 2024). ● State Coordination: VIDA mandates coordination with states, including data sharing for enforcement purposes. ● Regulatory Streamlining: Aims to unify disparate federal, state, and local vessel discharge requirements. ● USCG System Requirement: ○ VIDA requires a dynamic, online data management system (VIDA DMS) for federal, state, and industry stakeholder use. ○ The system must support compliance, enforcement, and information sharing. ● Key System Capabilities: ○ Receive continuous multi-source input. ○ Analyze/validate data using compliance criteria. ○ Act as an information repository. ○ Provide real-time analytical reporting. ○ Enable 24/7 access to VIDA-related data. ● Current Gap: No active system exists; VIDA DMS will fill this void using a COTS Low-Code Application Platform (LCAP). ● Deployment Deadline: Minimum Viable Capability Release (MVCR) of VIDA DMS must be operational by July 31, 2026.
  • 3. Scope Objective: Deliver IT services for the full lifecycle of a cloud-based COTS Low-Code Application Platform (LCAP) to support the VIDA Data Management System (DMS). Key Responsibilities: ● Platform selection, design, development, and implementation. ● Configuration, operation, sustainment, and optimization of the solution. ● Ongoing adaptation to meet operational, functional, system, and security requirements. Lifecycle Support Includes: ● Planning, analysis, user support, and continuous refinement. ● OEM upgrades, security audit mitigation, compliance with evolving cybersecurity requirements. ● Technical refreshes, enhancements, service requests, and potential organizational transitions. Development Approach: All services will follow Agile practices, covering: ● Story development and backlog management. ● Software and interface development. ● Database development and testing.
  • 4. 2.7.1 Agile Development Capability- Summary - I ● All services must follow Agile practices (e.g., story development, backlog management, testing, integration). ● Support includes: a. Interfacing with external systems and data sources. b. Establishing databases and services. c. ATO support, firewall configuration, CGOne integration. ● Contractor must: a. Operate an Agile capability per C5ISC Configuration & Change Management Policy (M4130.1). b. Apply continuous adaptation, iterative development, and collaboration with stakeholders. c. Support all phases: planning, development, testing, bug fixes, documentation. d. Provide staff, methodology, and process for Agile dev, testing, security, release, and O&M. e. Deliver Sprint Progress Reports (e.g., velocity, story points, defects, risk matrix). 1.1.1 Design and Development ● Follow USCG standards (M4130.1) and use non-proprietary tools (with Govt. approval). ● Integrate with HERMN (USCG Software Factory) for build and deployment. ● Use USCG Jira for task tracking. ● Support continuous backlog grooming and respond to priorities set by PLPM. ● Convert service/help tickets (CGFIXIT) to PBIs with sprint estimates for Govt. review.
  • 5. 2.7.1 Agile Development Capability - Summary - II 1.1.1 Requirements and Design Engineering ● Apply systems engineering to gather, validate, and manage stakeholder requirements. ● Transform baselined requirements into detailed system designs. ● Support design of architecture and manage DEVSECOPS platforms (including containers and COTS LCAP). ● Use C5I BEARS for defining/documenting system, functional, and security requirements. 1.1.2 Testing and Documentation ● Conduct all test types (unit, functional, integration, acceptance) per M4130.1. ● Provide test results linked to user story acceptance criteria. ● Release only fully tested software with Government approval. ● Support creation of lean documentation and maintain a dynamic documentation repository. ● Store all artifacts in Government-approved repositories. 1.1.3 Integration and Test Strategy ● Ensure all requirements are verifiable and traceable through development and testing. ● Maintain: ○ TEMP, test case specs, and system acceptance procedures/reports. ● Demonstrate traceability of test results to documented requirements. ● Conduct security testing to validate fulfillment of system security requirements. ● Develop a strategy for 100% automated testing to enhance standardization and reduce manual effort.
  • 6. 2.7.1 Agile Development Capability - Approach - I ● Establish and maintain an Agile delivery framework using the Scaled Agile Framework (SAFe) to guide iterative development, ensure stakeholder alignment, and deliver continuous value. ● Use Jira (USCG Enterprise instance) integrated with Confluence to manage: ○ Backlogs, Epics, Stories, and Tasks ○ Sprint planning and tracking ○ Team collaboration and documentation ● Leverage GitLab CI/CD pipelines integrated with HERMN (High Efficiency Rapid Modernization Network) to: ○ Automate build, test, and deployment workflows ○ Ensure secure code compilation and containerization ○ Support DevSecOps and compliance with USCG policies ● Implement continuous testing and quality control using: ○ Selenium and JUnit for automated functional and unit testing ○ SonarQube for code quality analysis ○ OWASP ZAP and Fortify for security scanning ● Conduct Agile ceremonies including: ○ Daily stand-ups, Sprint Planning, Retrospectives, and Backlog Grooming ○ Sprint Reviews with USCG Product Owner to ensure alignment on deliverables ● Convert service/help tickets from CGFIXIT into PBIs with story points and Sprint estimates using a standardized intake and triage process managed in Jira ● Develop and maintain lean, traceable documentation using: ○ Markdown-based repositories in GitLab or Confluence ○ Linked to Jira tickets for continuous synchronization
  • 7. 2.7.1 Agile Development Capability - Approach - II ● Facilitate stakeholder collaboration and requirements capture using: ○ Miro and Lucidchart for process flows and system design visualization ○ C5I BEARS to document, manage, and track requirements and system specifications ● Use SysML or Sparx EA for model-based systems engineering and design validation ● Maintain architectural documentation and system baselines in Git-based repositories and align with C5I EA standards ● Define and document system-level and security requirements with explicit tagging and separation using custom fields and workflows in Jira and BEARS ● Create automated test plans and scripts in: ○ TestRail (integrated with Jira) ○ Postman and Newman for API testing ○ Cypress for end-to-end browser testing ● Maintain a Test and Evaluation Master Plan (TEMP) and version-controlled test artifacts in GitLab and Confluence ● Store all documentation, including test results, in centralized, searchable repositories approved by the USCG (e.g., SharePoint, GitLab Wikis) ● Ensure traceability from requirements → design → implementation → test using Jira Traceability Matrix and linked Confluence documentation ● Utilize container orchestration and DEVSECOPS practices with: ○ Kubernetes, Docker, and OpenShift (Gov-approved platforms) ○ Integrate security scans via Aqua Security, Anchore, or Clair
  • 8. 2.7.1 Agile Development Capability - Approach - II ● Perform continuous integration, security testing, and deployment using: ○ GitLab CI, SonarQube, Fortify, and Nessus ○ Secure pipelines that validate code, containers, and infrastructure-as-code (IaC) ● Maintain 100% automated testing coverage roadmap: ○ Prioritize test automation using Cucumber and Selenium Grid ○ Maintain versioned automated test scripts for all critical business flows ● Generate Sprint Progress Reports via: ○ Jira dashboards and burndown charts ○ Velocity tracking and release planning reports shared via Confluence and MS Teams ● Provide real-time visibility into risk, defect, and deployment status via: ○ Power BI dashboards or Jira Advanced Roadmaps ● Collaborate continuously with USCG stakeholders using: ○ Microsoft Teams and Zoom for Sprint ceremonies and working sessions ○ SharePoint for document sharing and formal deliverables
  • 9. 1.2 IMPLEMENTATION - Summary ● Contractor must execute a Government-approved implementation strategy to: ○ Prepare systems, environments, organizations, and users. ○ Ensure solution meets mission and operational requirements. ● Strategy must address: ○ Environment preparation and production deployment. ○ Data extraction, transformation, and loading (ETL) into production. ○ Coordination of changes to implementation processes. ○ Training delivery for end users and stakeholders. ○ Creation of Version Description Documents (VDD). ○ Development of transition and supporting documentation. ● Contractor shall develop and maintain full System Documentation for VIDA DMS.
  • 10. 1.2 IMPLEMENTATION - Approach - I ● Execute a Government-approved implementation strategy aligned with Agile and DevSecOps principles to ensure seamless deployment of VIDA DMS capabilities into the operational environment. ● Prepare environments for deployment by: a. Coordinating with USCG infrastructure teams to provision and validate development, staging, and production environments b. Using Infrastructure as Code (IaC) with Terraform and Ansible to configure environments consistently and securely c. Automating environment validation with Selenium and Postman test scripts ● Deploy solutions into production using: a. GitLab CI/CD pipelines integrated with USCG’s HERMN environment b. Blue-Green or Canary deployments to minimize service disruption c. Rollback and contingency plans managed through Git version control and deployment scripts ● Perform ETL operations (Extraction, Transformation, Load) using: a. Apache NiFi, Talend, or custom Python scripts to extract legacy data, transform formats, and load into VIDA DMS b. Validate data integrity using automated data verification scripts and SQL-based checks ● Coordinate changes to implementation processes by: a. Using Jira Change Management workflows to track implementation tickets and approvals b. Holding Change Control Board (CCB) meetings as needed to assess impacts and risks ● Conduct user and administrator training through: a. Instructor-led sessions using Microsoft Teams and recorded modules via Articulate 360 or Adobe Captivate b. Developing user manuals and quick-reference guides hosted in Confluence or SharePoint c. Tracking training completion via learning management tools or integrated Jira/Confluence dashboards
  • 11. 1.2 IMPLEMENTATION - Approach - II ● Develop and maintain a Version Description Document (VDD) that includes: a. Deployment history, configuration changes, known issues, and rollback instructions b. Stored and version-controlled in GitLab or Confluence ● Develop transition and supporting documentation such as: a. System Operations Manuals, User Guides, Interface Control Documents (ICDs), and Support Playbooks b. All documents aligned with USCG documentation standards and housed in SharePoint and Git repositories ● Develop and maintain system documentation for VIDA DMS by: a. Following Agile documentation practices (lightweight, continuously updated) b. Using Confluence, Markdown-based GitLab Wikis, and diagramming tools like Lucidchart or Draw.io c. Ensuring traceability between system documentation, requirements, and test cases ● Ensure implementation meets mission and operational needs by: a. Engaging end users in UAT cycles during each release b. Capturing and addressing feedback through Jira Service Desk and integrated feedback loops c. Aligning deployments with mission schedules and operational readiness requirements
  • 12. 1.3 OPERATIONS AND MAINTENANCE (O&M)/SUSTAINMENT - Summary - I Focus Areas: ● Operate and maintain VIDA DMS. ● Perform minor defect corrections and tech refreshes. ● Ensure compliance with current security standards. ● Conduct Sprint-based reviews. System Monitoring & Improvements: ● Monitor systems and identify problems. ● Recommend improvements for system capabilities and performance (subject to Government approval). Sustainment Services: ● Deliver Preventive, Corrective, and Adaptive Maintenance. ● Support all Service Requests across the full lifecycle of VIDA DMS. Operational Duties: ● Incident response and Sprint-based reviews. ● OEM upgrades in line with USCG CIO and Cyber Command policies. ● Maintain supported versions of IT products without altering system requirements.
  • 13. 1.3 OPERATIONS AND MAINTENANCE (O&M)/SUSTAINMENT - Summary - II System Maintenance Plan (SMP): ● Develop and maintain SMP using best practices (e.g., ISO/IEC 14764:2006). ● Include maintenance schedules, deliverables, and Service Level Agreement (SLA) targets. Support Capability: ● Address system issues and service requests effectively and efficiently. ● Include tasks like data/account requests, technical inquiries, and back-end support not accessible to users Work Item Complexity and Sprint Duration: ● Minor: 1–2 sprints. ● Moderate: 3–5 sprints. ● Major: >5 sprints. ● Default sprint = 1 month (COR approval needed for changes). Additional Requirements: ● Provide story point estimations for all work items. ● Deliver Root Cause Analysis (RCA) within 10 days of any outage resolution. ● Report key DevOps metrics: ○ Deployment Frequency (DF) ○ Lead Time for Changes (LT)
  • 14. 1.3 OPERATIONS AND MAINTENANCE (O&M)/SUSTAINMENT - Approach - I ● Operate and maintain VIDA DMS using a DevSecOps framework, with activities tracked and executed in Jira and aligned to Sprint cadences (1-month duration). ● Preventive, Corrective, and Adaptive Maintenance will be delivered via: a. Preventive: Scheduled health checks, patch management using WSUS, Red Hat Satellite, or equivalent b. Corrective: Bug fixes and incident response via Jira Service Desk, with root cause analysis performed using Elastic Stack (ELK) logs and Dynatrace c. Adaptive: Refactoring or system upgrades to accommodate evolving security standards or technology shifts, guided by ISO/IEC 14764:2006 principles ● Monitor system health and performance with: a. Nagios, Prometheus, and Grafana for real-time monitoring and visualization b. Alerting via PagerDuty or Opsgenie to ensure rapid incident response ● Manage Service Requests (SRs) using: a. Jira Service Management with automated triage, ticket prioritization based on severity/impact (Priority 1–5), and SLA tracking b. Fulfill SRs such as data refreshes, account creation, and backend data fixes requiring elevated access ● Sprint-based Sustainment Reviews: a. Conduct monthly Sprint reviews, retrospectives, and backlog grooming with Government stakeholders b. Use Confluence to document Sprint deliverables, retrospectives, and progress toward user stories ● Version and OEM upgrades: a. Track software and infrastructure component versions using a Configuration Management Database (CMDB) b. Schedule and execute vendor/OEM version upgrades using tools like SCCM, WSUS, or custom Ansible playbooks c. Ensure compliance with USCG CIO and CYBER Command version control policies
  • 15. 1.3 OPERATIONS AND MAINTENANCE (O&M)/SUSTAINMENT - Approach - II ● System Maintenance Plan (SMP) development and upkeep: a. Maintain the SMP in Confluence or SharePoint, incorporating SLA targets, patch schedules, upgrade cycles, and incident response procedures b. Align SMP content with ISO/IEC 14764:2006 standards for software lifecycle maintenance ● Root Cause Analysis (RCA): a. Conduct RCAs for all outages within 10 business days, using ELK Stack, Splunk, or Dynatrace data b. Include actionable recommendations in Confluence or RCA playbooks with executive-level summaries ● Compliance with C5ISC Configuration and Change Management Policy (M4130.1): a. Submit RFCs (Requests for Change) via Jira or ServiceNow workflows b. Obtain Government approval for all production changes via the Change Control Board (CCB) ● Key DevOps Metrics Reporting: a. Automate reporting for Deployment Frequency (DF), Lead Time for Changes (LT), Mean Time to Recovery (MTTR), and Change Failure Rate (CFR) using: i. Jenkins, GitLab CI, and Grafana dashboards ii. Custom integrations with Jira and Git repositories ● Story Point Estimation for Minor/Moderate/Major Complexity: a. Use Agile Planning Poker tools or Jira-based estimation to size work items: i. Minor: 1–2 Sprints (1–2 months) ii. Moderate: 3–5 Sprints (3–5 months) iii. Major: >5 Sprints (requires separate planning and approval) ● Ensure responsiveness and service levels by: a. Logging all tickets and requests in Jira Service Management
  • 16. 1.4 INFORMATION SECURITY - Summary - I ● Governance and Compliance: a. Adhere to DoD cybersecurity standards, policies, and directives per Appendix 5 (DoD–DHS MOA). b. Remain responsive to U.S. Cyber Command for Coast Guard-operated DoDIN systems and networks. c. Ensure compliance with: i. DHS oversight requirements ii. Federal Information Security Modernization Act (FISMA) iii. Acquisition and financial audit reporting ● Cybersecurity Requirements: a. All technical services and deliverables must comply with DoD, DHS, and USCG cybersecurity, information assurance, and cyberspace operations directives. b. Sustain a cybersecurity posture that protects the integrity, availability, authenticity, non-repudiation, and confidentiality of all information systems. ● System Security Engineering: a. Use NIST 800-160 series practices for secure system deployment and maintenance. b. Prevent degradation of Confidentiality, Integrity, Availability (CIA) through continuous engineering and validation. ● Collaboration and Lifecycle Security: a. Work closely with support service Contractors to apply cost-effective countermeasures across the system lifecycle. b. Support security collaboration across integrated C5ISC support contracts (Appendix 4).
  • 17. 1.4 INFORMATION SECURITY - Summary - II ● Security Documentation and Compliance: a. Maintain: i. Privacy Threshold Analysis (PTA) ii. Plan of Action and Milestones (POA&M) iii. FIPS-199 Security Categorization iv. System Security Plan v. Security Test & Evaluation (ST&E) Plan vi. Security Accreditation Package (SAP) vii. Security Traceability Matrix b. Ensure participation in independent audits and the Security Authorization Process (SAP). ● eMASS Support: a. Provide information for Government review within eMASS (Contractor has read-only access). b. Examples include: unimplementable security controls, POA&Ms, ATO documentation, and mitigation procedures. ● Security Bug/Deficiency Tracking: a. Maintain a centralized, searchable repository for all identified security bugs or deficiencies. ● Ports, Protocols, and Services (PPS) Review: a. Perform annual PPS reviews. b. Maintain compliance with DoDI 8551.01 and document within the DoD PPS Management System for VIDA DMS.
  • 18. 1.4 INFORMATION SECURITY - Approach - I Implement DoD/DHS/USCG Cybersecurity Compliance ● Our team ensures all deliverables align with DoD RMF (Risk Management Framework), DHS 4300A, and USCG Cyber Command directives. ● We use Secure Configuration Baselines (e.g., DISA STIGs) applied through Ansible or Puppet to enforce system hardening. Support Federal Compliance and Audit Requirements ● We support FISMA and financial audit reporting using Xacta or Archer GRC to track controls, POA&Ms, and audit readiness. ● Our cybersecurity SMEs map security controls to compliance frameworks via NIST SP 800-53 Rev. 5 in conjunction with eMASS templates. Employ Secure SDLC and System Security Engineering Practices ● Incorporate NIST SP 800-160 throughout the lifecycle using tools like Microsoft Threat Modeling Tool, OWASP Dependency-Check, and SonarQube to assess and mitigate vulnerabilities in design and code. ● Use Fortify, Checkmarx, or Veracode for secure code analysis during Sprint cycles. Centralized Vulnerability and Bug Tracking ● All identified security issues are tracked in a centralized Jira project with tagging and linkage to POA&M and release tickets. ● Integration with ServiceNow Security Operations (SecOps) enables streamlined remediation and incident tracking
  • 19. 1.4 INFORMATION SECURITY - Approach - II Support Security Documentation & Authorization Packages ● Develop and maintain artifacts including: ○ FIPS-199 Security Categorization ○ System Security Plan (SSP) ○ ST&E Plan ○ Security Traceability Matrix ○ ATO supporting documentation ● Documents are managed and versioned in SharePoint or Confluence with access control and change tracking. Collaborate on Independent Audits & SAP Activities ● Support internal and external audits with pre-assessment readiness reviews. ● Participate in audit walkthroughs and findings remediation using tools such as Planview or SmartSheets for audit tracking. eMASS Support (Read-Only Access) ● Our ISSO Support Team compiles and validates cybersecurity inputs (control implementations, POA&Ms, risk statements) in approved formats for upload by the Government into eMASS. ● Maintain a local master compliance tracker with traceability between implemented controls and supporting evidence.
  • 20. 1.4 INFORMATION SECURITY - Approach - III Annual Ports, Protocols, and Services (PPS) Reviews ● Perform annual PPSM reviews using DoD PPSM Registry and document all justifications and ports/services usage in Excel-based matrix approved by the USCG Cybersecurity Authority. ● Updates are coordinated with network and application teams through Microsoft Teams and SharePoint workflows. Continuous Security Monitoring & Reporting ● Integrate Splunk or Elastic Stack (ELK) for real-time log aggregation and security monitoring. ● Use Tenable Nessus, Qualys, or OpenVAS to conduct recurring vulnerability scans with reporting aligned to POA&M remediation. Incident Response and Threat Intelligence Collaboration ● Use ServiceNow SecOps or Jira to track and resolve incidents with severity-based SLA metrics. ● Subscribe to US-CERT and DoD Cyber Exchange for threat intelligence feeds and vulnerability bulletins.
  • 21. 1.5 USER TRAINING - Summary ● User Role-Based Training: a. Develop and deliver training for all users based on their specific roles within VIDA DMS. b. Ensure training covers all implemented capabilities of the system. ● Training Materials: a. Create and provide supporting training materials, including: i. User manuals ii. Training videos iii. Online help resources iv. Other instructional materials aligned with the training approach ● Training Plan: a. Develop and submit a comprehensive Training Plan that: i. Describes the training approach ii. Details the types of supporting materials iii. Outlines how and when training will be delivered ● Timeline for Deliverables: a. Draft training materials due one (1) week prior to User Acceptance Testing (UAT) b. Final training materials due one (1) week prior to production deployment
  • 22. 1.5 USER TRAINING - Approach - I Develop a Comprehensive Role-Based Training Plan ● Our team will create a Training Plan aligned with VIDA DMS user roles (e.g., end users, administrators, supervisors). ● The plan will detail training objectives, methods (instructor-led, self-paced, hybrid), timelines, and assessment strategies. ● We will use Microsoft Word or Confluence to draft and maintain the Training Plan, ensuring version control and collaboration. Design and Deliver Engaging Training Materials ● Materials will include: ○ User guides and quick reference cards (PDF/printable) ○ Step-by-step video tutorials (using Camtasia or Loom) ○ Interactive simulations or walkthroughs (via WalkMe or Whatfix) ○ Online help integrated into VIDA DMS (HTML-based FAQs and tooltips) ● Materials will be tailored per user role to ensure relevance and clarity. Deliver Timely Draft and Final Training Materials ● Initial drafts of all training materials will be submitted one week prior to User Acceptance Testing (UAT). ● Final versions will be delivered one week before Production deployment to support readiness and reduce adoption risk.
  • 23. 1.5 USER TRAINING - Approach - II Facilitate Live and On-Demand Training Sessions ● Conduct live, role-specific sessions via Microsoft Teams or Zoom, supported by interactive Q&A and live demos in a sandbox environment. ● Record all sessions and host them on SharePoint or a Learning Management System (LMS) such as TalentLMS for on- demand access. Measure Training Effectiveness ● Pre- and post-training quizzes and surveys will be administered using Microsoft Forms or Google Forms to evaluate knowledge transfer and gather user feedback. ● Feedback will be analyzed to make quick improvements to materials and delivery methods. Support Ongoing Training Needs Post-Deployment ● Maintain an up-to-date online knowledge base and FAQ repository in Confluence or SharePoint. ● Offer refresher sessions and “train-the-trainer” programs for in-house champions to continue supporting new users. Ensure Accessibility and Inclusivity ● All training content will comply with Section 508 and WCAG 2.1 standards, including closed captions for videos and screen- reader compatibility for documents. Coordinate with Stakeholders for Training Logistics