FEDERAL CASE STUDY Ready, Aim, Fortify! U.S. Army Deploys Application Security Regimen for its Munitions System THE DEPARTMENT | The U.S. Army uses the Total Ammunition Management Information System (TAMIS) to manage conventional munitions requirements. Case Background The Total Ammunition Management Information System (TAMIS) is the U.S. Army application that manages conventional munitions for wartime, training and testing operations across the U.S. Armed Forces – the Army, Marine Corps, National Guard as well as the Navy and Air Force when operating on Army installations. TAMIS handles approximately 350,000 ammunition transactions per month from units located all around the world, supporting more than 7,000 authorized personnel who request, approve and manage munitions. The web-enabled system calculates combat load requirements, validates and routes electronic requests, collects expenditures, and prepares forecasts. More than 50,000 munitions reports are generated each month on the nearly $3 billion in conventional ammunition authorizations managed each year. The primary objectives of TAMIS are to improve munitions governance and to provide military personnel with essential analytical tools that enable a trained and ready armed force. The TAMIS application supports the Army’s training and operational strategies by providing an essential web-enabled capability throughout all phases of the military’s spectrum of operations. Employing a design structured for centralized management and decentralized execution, the system develops, calculates and prioritizes requirements, ensures requisition and authorization data is accurate, and then makes this information available and usable on demand to authorized users without wait time. TAMIS is managed by the Department of the Army G-37, Munitions Management Division. Maintaining training superiority and achieving readiness objectives required the Army to transform its business practices and information management processes as part of the overarching “Net-Centric Data Strategy” of the U.S. Department of Defense (DOD). TAMIS is not a new system. It was originally launched on a mainframe, migrated to Windows NT, and then to its present browser-driven application environment. TAMIS operates in the Mission Assurance Category II sensitive level. As a result, much time and effort has been devoted to TAMIS development and network “hardening” solutions U.S. ARMY TAMIS QUICK STATS • Handles 350,000 ammunition transactions per month from units located across the globe • Supports more than 7,000 authorized personnel who request, approve and manage munitions • Generates 50,000+ munitions reports each month • Manages $3 billion in conventional ammunition authorizations annually KEY CHALLENGES • Implement an application security regimen on an already deployed web application • Provide military personnel with essential, automated analytical tools to enable a trained, armed force • Prevent attacks to the TAMIS system by accurately measuring security risk level and fixing application vulnerabilities in TAMIS • Progress the TAMIS team away from a “checklist mentality” toward a more holistic approach to risk management • Train programmers to secure coding practices and monitor future performance FORTIFY CASE STUDY WWW. FORTIFY .COM
4
Embed
FEDERAL CASE STUDY Ready, Aim, Fortify! U.S. …...environment. In the end, it came down to Fortify and Ounce. Bob Torche was impressed by what he had learned of Fortify and its Fortify
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
FEDERAL CASE STUDY
Ready, Aim, Fortify! U.S. Army Deploys Application Security Regimen for its Munitions System
THE DEPARTMENT | The U.S. Army uses the Total Ammunition Management Information
System (TAMIS) to manage conventional munitions requirements.
Case BackgroundThe Total Ammunition Management Information System (TAMIS) is the U.S. Army
application that manages conventional munitions for wartime, training and testing
operations across the U.S. Armed Forces – the Army, Marine Corps, National Guard as
well as the Navy and Air Force when operating on Army installations.
TAMIS handles approximately 350,000 ammunition transactions per month from units
located all around the world, supporting more than 7,000 authorized personnel who
request, approve and manage munitions. The web-enabled system calculates combat
load requirements, validates and routes electronic requests, collects expenditures, and
prepares forecasts. More than 50,000 munitions reports are generated each month on
the nearly $3 billion in conventional ammunition authorizations managed each year.
The primary objectives of TAMIS are to improve munitions governance and to provide
military personnel with essential analytical tools that enable a trained and ready armed
force. The TAMIS application supports the Army’s training and operational strategies
by providing an essential web-enabled capability throughout all phases of the military’s
spectrum of operations. Employing a design structured for centralized management and
decentralized execution, the system develops, calculates and prioritizes requirements,
ensures requisition and authorization data is accurate, and then makes this information
available and usable on demand to authorized users without wait time.
TAMIS is managed by the Department of the Army G-37, Munitions Management
Division. Maintaining training superiority and achieving readiness objectives required the
Army to transform its business practices and information management processes as
part of the overarching “Net-Centric Data Strategy” of the U.S. Department of Defense
(DOD). TAMIS is not a new system. It was originally launched on a mainframe, migrated
to Windows NT, and then to its present browser-driven application environment.
TAMIS operates in the Mission Assurance Category II sensitive level. As a result, much time
and effort has been devoted to TAMIS development and network “hardening” solutions
U.S. ARMY TAMIS QUICK STATS
• Handles350,000ammunition transactions per month from units locatedacrosstheglobe