Repository logo
 

Evaluation of a model-based approach to accrediting United States government information technology systems following the authorization to operate process

dc.contributor.authorSanchez, Edan Christopher, author
dc.contributor.authorBradley, Thomas H., advisor
dc.contributor.authorBorky, John M., committee member
dc.contributor.authorSega, Ronald, committee member
dc.contributor.authorZhao, Jianguo, committee member
dc.date.accessioned2025-06-02T15:21:09Z
dc.date.available2025-06-02T15:21:09Z
dc.date.issued2025
dc.description.abstractThis research project explores Model-Based Systems Engineering (MBSE) methodology as a modernized, alternative strategy to improve the United States Government's (USG) accreditation processes and procedures for accepting new/updated information systems. While the primary goal is to significantly accelerate the transition of advanced technology to operational environments, it is imperative that we take advantage of the potential benefits realized through the implementation of a model-based process. While this dissertation primarily focuses on defense systems within the USG domain, the principles discussed are applicable in a broader context. This research focuses on the application of MBSE to defense Information Technology (IT) systems, or simply Information Systems (IS) that requires an Authorization to Operate (ATO). Currently, the security accreditation process for obtaining an ATO for Government systems is primarily document-centric. This approach often leads to frequent schedule overruns, significantly increasing costs and negatively impacting stakeholders. This issue is particularly pronounced for large, software- and data-intensive systems, such as those utilized by the Department of Defense (DoD), Intelligence, and command and control (C2) operations. The complexity of authorization is significantly magnified when systems incorporate third-party applications requiring independent accreditation, creating cascading dependencies that impact overall system security and deployment timelines, as well as for real-time systems that must meet stringent cybersecurity requirements while adhering to strict process deadlines. Mission effectiveness is compromised when operators and end users experience delays in accessing essential tools. The trend toward implementing these types of IT systems is accelerating, highlighting the urgent need to enhance their authorization processes. The proposed approach aims to capture the existing ATO process using a formal Systems Modeling Language (SysML) model. This model will facilitate an analysis to identify bottlenecks, redundant activities, missing interfaces, and other areas of concern. Once the model is developed and analyzed, corrective actions and proposed improvements will be introduced to enhance the process model. The potential benefits will be quantified in terms of speed-to-operations, particularly regarding schedules, as well as improvements in consistency and efficiency throughout the end-to-end process, ultimately leading to a potential reduction in overall system costs. Furthermore, the anticipated gains will be validated through modeling and analysis of the enhanced process as applied to a representative IT system, also represented in SysML. This modeled IT system will reflect the cloud-centric environments currently found in operational contexts, utilizing approved tools and technologies available to development contractors. This research will assess the impact of MBSE on the ATO. It aims to measure MBSE's effectiveness in mitigating inconsistencies, streamlining system deployment timelines, enhancing quality, reducing costs, and delivering other advantages in this practical context. The conclusions drawn from this study will establish a framework for investing in the modernization of the ATO towards a systems-engineered, model-based approach, particularly within the realm of USG systems development. The model-based ATO process will facilitate integration with the federal Digital Engineering (DE) transformation as DE continues to broaden its presence within the federal systems engineering landscape.
dc.format.mediumborn digital
dc.format.mediumdoctoral dissertations
dc.identifierSanchez_colostate_0053A_18810.pdf
dc.identifier.urihttps://hdl.handle.net/10217/241025
dc.languageEnglish
dc.language.isoeng
dc.publisherColorado State University. Libraries
dc.relation.ispartof2020-
dc.rightsCopyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright.
dc.subjectauthorization to operate
dc.subjectsystem modeling language (SysML)
dc.subjectmodel-based systems engineering (MBSE)
dc.subjectaccreditation
dc.titleEvaluation of a model-based approach to accrediting United States government information technology systems following the authorization to operate process
dc.typeText
dcterms.rights.dplaThis Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
thesis.degree.disciplineSystems Engineering
thesis.degree.grantorColorado State University
thesis.degree.levelDoctoral
thesis.degree.nameDoctor of Philosophy (Ph.D.)

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Sanchez_colostate_0053A_18810.pdf
Size:
6.83 MB
Format:
Adobe Portable Document Format