By Leon Graves, Unify Manager for DISA/JITC Federal Certification
Any technology vendor hoping to outfit the Department of Defense (DoD) has their work cut out for them. While technology advancements are evolving all the time, the Federal Government and DoD have very specific requirements that go above and beyond the needs of a traditional private sector enterprise, which impacts their approach to technology adoption. Our national security hangs in the balance, after all.
My company, Unify, recently achieved certification from the Joint Interoperability Test Command (JITC) branch of the Defense Information Systems Agency (DISA), so the experience is still fresh in my mind. Fortunately, our team was thoroughly prepared for the challenge of JITC certification and we were able to achieve this goal in just 7 months after beginning testing.
Not every vendor is as prepared for the JITC certification process, however. It is an all-encompassing undertaking that requires careful preparation and patient dedication from all levels of the company. JITC certification is important – it gives the DoD the option to invest in today’s best-of-breed technologies that have proven to have an extremely high level of security and compliance, and ensures that new solutions will bolster the DoD’s existing technology infrastructure. Because Unify believes in the value of JITC certification, I’d like to share some of our biggest takeaways from the process in case your company is interested in using the DoD as a “benchmark” for ensuring future success:
- Know your audience. One of the earliest steps when pursuing JITC certification is proving a need within the DoD. That means you must have an intimate knowledge of your customer, showing you understand the security and compliance issues specific to the DoD’s information technology (IT) and national security systems (NSS) infrastructure. Your solution needs to increase efficiency, productivity and communication for those who use it, which could include government and military personnel as well as other agencies and partner organizations working alongside the DoD. JITC will determine if your solution will improve how these different groups work together in a secure way, which means interoperability can’t be an afterthought – it needs to be an integral capability of the solution from the beginning.
- Do your homework. As with any enterprise organization, the DoD uses a variety of network infrastructure solutions (such as storage, routers and security technologies) as well as services (like voice, video and mobile apps). But each of these solutions requires a comprehensive set of documentation. This is one of the most time-consuming but important parts of the certification process. JITC uses sources such as the Capability Development Document (CDD), Capability Production Document (CPD) and the Information Support Plan (ISP) to determine requirements for product testing, which will ensure certified solutions will work seamlessly within the DoD’s existing network architecture. Your team will need to be incredibly organized to ensure all paperwork and documentation required are at the ready. For this step, the devil’s in the details.
- Participate from beginning to end. Your project manager plays an essential role in the JITC certification process. This means you need to ensure your project manager is committed and willing to see the process through. This includes everything from agreeing on a set of detailed KPIs with JITC prior to the testing process, to gathering and delivering the applicable documentation to the testing facility, serving as an on-site point person during the testing itself and managing all follow-up activity. JITC provides clear documentation on what will happen if a project manager decides not to participate: denial of certification, halt of evaluation process and withheld funding. With such high stakes, you need to ensure you have the right project manager on the job.
- Expect the unexpected. Leading up to or during the evaluation, anything can happen. The assessment can include a variety of real-life situations, including realistic combat scenarios. Your on-site team needs to be ready to address detailed questions and troubleshoot any hiccups that arise during this testing. Fortunately, JITC isn’t stingy with seeking solutions to any unforeseen problems. Should any issues arise, JITC will collaborate with the project manager on-site to determine what steps need to be taken in order to rectify the issue and achieve certification. Glitches don’t necessarily disqualify a product from certification, but they will delay the process and increase the time and resources devoted to the mission. Once the project manager takes corrective action, your product should be back on track with its assessment.
- It doesn’t end there. Achieving certification from JITC is not a one-time accomplishment. After the product is certified, the DoD may still discover issues from the field that need to be resolved. Also, in order to maintain credentials, vendors are required to recertify their product every three years. Addendums to a Certification are possible in between with the “Desktop Review Process” whereby generally only the “delta” is re-tested. Significant changes, such as a major SW release, could require complete retesting of all Test Plan objectives.
Though the path to JITC certification is arduous, it is all for good reason: to improve the total quality of the products while adding new innovative capabilities and maintaining some backward compatibility features. Fortunately, our team here at Unify was up for the challenge, achieving certification with the initial major SW release. We encourage others pursuing certification to mitigate snags by being knowledgeable about the process and well prepared for the journey ahead.