Secure Networks
Multi-agency, multi-stakeholder programs where procurement, compliance, and mission alignment determine success.
Inside this journey
-
Pre-Discovery
Align the room on outcomes, decision process, and constraints before deeper discovery.
-
Stakeholder Alignment
Confirm decision roles, timelines, mission-critical windows, and what 'good' looks like for each stakeholder.
Alignment Questions
Starting Here: Your Mission, Timeline, and Stakes
- In one sentence, describe the mission or program that requires this classified or multi‑classification connectivity.
- What is your target timeline for delivered connectivity and any fixed accreditation deadlines?
- Who are the primary decision-makers, approvers, and technical leads for this effort? (select all that apply)
- If there are named stakeholders or points of contact we should include, list their role, name, and best contact method.
- Which single outcome would make you declare this engagement a clear success?
- How urgent is avoiding mission disruption during modernization?
What risks are you quietly telling yourself are 'good enough'?
- When you audit past modernization projects, what trade-offs did you accept that you now worry about?
- How often have prior modernization efforts required accreditation rework or additional RMF cycles?
- Describe the most recent accreditation or RMF failure: what was the finding, and what caused it?
- How frequently do vendor devices or new integrations introduce interoperability exceptions during testing?
- When accreditation or interoperability problems surface, what internal pressures (timeline, budget, career risk) most influence the decisions you make?
Where in your network would a failure be catastrophic?
- Which classification enclaves and boundaries are in scope for this project? (select all that apply)
- Do you have current topology and enclave boundary documentation available?
- If your documentation is partial or outdated, what are the most critical gaps we should know about (e.g., missing cross-domain flows, unknown chokepoints)?
- Which failure modes worry you most if a change is made (select all that apply)?
- Share a recent incident or near-miss that revealed one of these failure modes and what the immediate impact was.
Imagine the day you receive the ATO — what will be different?
- What measurable success signals must be present to convince the Authorizing Official to sign off? (select all that apply)
- Which Zero Trust controls are non‑negotiable for your environment (e.g., identity assurance, microsegmentation, flow logging)?
- What is your ATO or accreditation deadline and are there intermediate gating milestones we must observe?
- What KPIs will your leadership use to judge success (select all that apply)?
- List any acceptance criteria or test cases the Authorizing Official has already specified.
What's quietly blocking progress that vendors keep promising to fix?
- Which operational blockers are most likely to derail the schedule if not resolved? (select all that apply)
- What are your typical procurement lead times for critical encryption hardware, and have you experienced recent supplier delays (weeks)?
- How many cleared/NSA‑certified engineers are available internally right now?
- How many NSA‑certified engineers would the schedule realistically require from a partner during peak install windows?
- If staffing or procurement slips occur, describe the operational, political, or personal impacts you fear most.
If we partnered, how should we prove we deserve the keys to your environment?
- Which proof points matter most when evaluating a secure network integrator? (select all that apply)
- What format of demonstration or evidence would most influence your acquisition decision?
- Are there named encryption devices, cross‑domain products, or versions we must demonstrate experience with? Please list them.
- Would you prefer iterative milestones with go/no‑go decision points during delivery, or a single approval gate at ATO?
- Who should be included in technical walkthroughs, demos, and vendor briefings on your side?
Three months from now — what will convince you we were the right choice?
- Which 90‑day milestone package would most increase your confidence? (select up to three)
- How flexible are your installation and access windows for field engineering teams?
- What would be an acceptable remediation SLA if an accreditation finding arises after deployment (timeframe and scope)?
- What communication cadence during deployment will put you at ease (select one)?
- Who will be the single technical point of contact for field engineers, and what is your preferred escalation path for critical issues?
-
Current State Mapping
Document network topology, enclave boundaries, accreditation gaps, and failure modes that risk mission continuity.
Current State
Quick Snapshot: Where are we starting from?
- Give a one-line summary of your current classified/sensitive network footprint (sites, number of enclaves, primary classification levels).
- Which classification levels and enclave types are in scope today?
- How many physical sites and logical enclaves are we looking at for this effort?
- Roughly how many end systems, servers, and network devices (combined) fall inside the scoped enclaves?
- Who is the single decision owner for network accreditation and mission continuity (title/role)?
What single outage would stop everything right now?
- If one specific failure could immediately halt mission operations, what is it?
- How many times in the last 24 months has that kind of failure occurred (or nearly occurred)?
- When that failure happened or nearly happened, what mitigations were attempted and how effective were they?
- How quickly must you restore service before mission impact becomes unacceptable (RTO)?
- How does the possibility of that outage affect your team’s willingness to approve changes or upgrades?
When 'segmented' might actually be porous
- Are you confident that enclave boundaries are fully documented and enforced — or could hidden flows cross boundaries today?
- List the primary data flows (source -> destination) that must never cross classifications or that require cross-domain guard controls.
- Which technologies currently enforce boundary controls (select all that apply)?
- How often do you reconcile logical diagrams with actual routing/firewall rules to catch 'drift'?
- If we asked to review a current network diagram and an actual flow capture, would they match or reveal surprises?
Where accreditation is quietly fragile
- If your ATO deadline were moved up by 90 days, which accreditation element would you expect to struggle to meet?
- Which RMF step is your program currently in?
- How many open POA&Ms exist that directly affect connectivity or COMSEC, and how long have the oldest been open?
- Who is your Authorizing Official (AO) or Designated Accrediting Authority, and what are their top concerns about this environment?
- What evidence packages (e.g., test logs, DISA STIG checklists, COMSEC inventories) are available immediately versus those that will need creation?
Secrets, Keys, and the Clock on Crypto
- Do you have a complete, audited inventory of all cryptographic devices and keying material that must be reprovisioned or migrated?
- How many devices require Type 1 provisioning or Type 1-equivalent handling as part of this project?
- Who holds COMSEC custody today and what is their capacity to support inventories, turnover, and escorted installs?
- What is the longest lead-time item in the crypto provisioning chain (e.g., device procurement, NSA keying, courier windows, certified engineer availability)?
- On a scale from 1–5, how confident are you that crypto provisioning timelines will align with your deployment windows?
- If there is a shortfall in NSA-certified engineers, what fallback do you have (e.g., contractors, phased installs, remote provisioning)?
When 'it's compatible' turns out to be wishful thinking
- Have you ever assumed two vendors/protocols would interoperate and then discovered they didn't in the field?
- List the major vendors, models, and firmware versions of devices involved in cross-enclave connectivity (firewalls, routers, encryption devices, CDS).
- Which interoperability tests have been run in a lab environment and which remain untested?
- When interoperability exceptions were found previously, how long did remediation take and who owned the fix?
- Would you allow a staged lab rehearsal with our engineers before field installation (requires sanitized test data and access)?
Have we actually practiced the worst-case?
- When was the last time you executed a full cutover rehearsal (including rollback and accreditation evidence capture)?
- Which failure scenarios have you not practiced but worry about (select all that apply)?
- Do you have a documented rollback plan with clear decision gates and owner signatures?
- How comfortable would your operations team be executing a rollback under AO direction, emotionally and technically?
- What monitoring and alerting would tell you in time to avoid a mission-ending failure?
If constraints vanished for a moment
- If budget, staff, and lead times were not constraints, what would an ideal migration look like for your program?
- What are the non-negotiable success criteria the AO and CIO must see to sign off on an ATO?
- Which measurable signals would make you say, 'This migration succeeded' (e.g., latency, throughput, no POA&Ms, AO endorsement)?
- What level of transparency and update cadence do decision-makers expect during cutover (daily, twice-daily, on-demand)?
- Emotionally, what would relief look like to your team after acceptance (confidence, reduced overtime, fewer meeting escalations, other)?
Concrete next steps we can take together
- Which artifacts can you share immediately to accelerate mapping (network diagrams, STIG reports, COMSEC inventories, RMF artifacts)?
- Are you able to grant our engineering team a controlled lab or sanitized data environment for pre-deployment testing?
- What is the single highest-priority gap you'd like us to assess first?
- How soon can we schedule a 90–120 minute technical deep-dive with your network, COMSEC, and RMF leads?
- Who else should be included in discovery to remove blockers (list names/roles: AO, COMSEC custodian, network ops, procurement, facilities)?
-
-
Outcome Discovery
Define target connectivity outcomes, Zero Trust requirements, measurable success signals, and accreditation deadlines.
Discovery Questions
Quick Win: The One Outcome That Changes Everything
- Which single connectivity outcome would validate this entire effort for you?
- Can you briefly describe the current baseline for that outcome (what works today, what doesn't)?
- How long has this outcome been unmet or partially met?
- Who will be the final decision authority that signs off this is achieved?
- What absolute constraints must we honor to pursue that outcome (blackout windows, no-touch periods, accreditation freeze, COMSEC rules)?
What Would Keep the Mission Up at Night?
- If connectivity failed during a critical operation, what would the immediate and downstream consequences be?
- Which failure modes worry you most right now?
- How often have near-misses, partial outages, or service degradations occurred in the past 12 months?
- What current mitigations or workarounds exist, and why haven’t they been sufficient?
- For each mission type affected, how long can it tolerate degraded or lost classified connectivity?
- If we could remove one technical or process risk overnight, which would it be and why?
Who Must Be Convinced Before You Can Move Forward?
- Who will say 'go' — and who could veto — when accreditation evidence lands on their desk?
- Map the key stakeholders and what 'good' looks like to each (role → top acceptance criteria).
- Which stakeholder has the most conservative risk appetite for this program?
- How aligned are stakeholders on timeline, scope, and acceptable trade-offs?
- What communication artifacts and cadence reassure these stakeholders most (pick all that apply)?
- Has any stakeholder previously blocked or delayed similar work? If yes, describe what resolved it.
Are You Sure Your Zero Trust Isn't a Paper Tiger?
- Which Zero Trust requirement do you expect will expose the biggest gaps in your current environment?
- Which Zero Trust pillars are mandatory for this deployment?
- What identity and authentication systems must integrate (e.g., PKI, CAC/PIV, SSO providers)?
- Are device posture checks, endpoint agents, and MFA currently enforced at enclave boundaries?
- What telemetry, logs, and retention window are required for continuous monitoring and accreditation?
- If time or budget forces us to phase Zero Trust features, which must come first and which can wait?
Is the Accreditation Deadline a Cliff or a Guiding Line?
- If the accreditation deadline slips, what will you be forced to sacrifice—capability, scope, or security posture?
- What is the firm accreditation/AO deadline you must meet (or your target date)?
- What RMF step is the system currently in?
- Which accreditation artifacts are already complete or partially complete?
- Historically, how many RMF cycles did similar projects require before AO approval?
- What maximum remediation window is acceptable after assessment before mission risk becomes intolerable?
How Will We Know This Worked—Without Guessing?
- What would make your leadership confidently declare 'mission success' on day one of operations?
- Which measurable acceptance criteria must be demonstrable at cutover?
- What specific performance thresholds (latency, throughput, jitter) matter for your top three applications?
- Which monitoring and reporting outputs would satisfy both operations and the AO?
- Which acceptance test scenarios must be included (select all that apply)?
- How should COMSEC and Type 1 installation validation be independently observed and signed off?
Who Will Carry the Torch When Things Go Sideways?
- If an installation fails accreditation or a device bricks in cutover, who is ultimately accountable—and is that realistic given cross-organizational dependencies?
- Which responsibilities must our integrator team own and which will remain with your staff (please list major domains or provide a RACI outline)?
- How many NSA-certified engineers do you expect on-site during staging and installation, and at what phases?
- What procurement lead-times, supply chain, or customs constraints should we plan for explicitly?
- What escalation path and decision authority will be available during critical windows (names, roles, response SLAs)?
- What training, documentation, or shadowing do you require to transition sustainment to your team after deployment?
If We Succeed, What Does Day 120 Look Like?
- Picture the network on day 120—what's different in how people work, what they see, and what they no longer worry about?
- Which operational handoffs must be complete by day 120?
- What SLA levels and response times do you expect in steady-state sustainment?
- How should sustainment success be measured at months 3, 6, and 12 (examples: compliance score, uptime, mean time to remediate)?
- Which governance model do you prefer for post-deployment changes?
- What unresolved questions or red flags would stop you from committing to a deployment plan today?
-
Solution Experience
Walk through a tailored deployment scenario showing how architecture, COMSEC provisioning, and Type 1 installation deliver required secure connectivity without mission disruption.
Experience Meetings
- Current State & Risk Confirmation
- Tailored Deployment Walkthrough (Architecture → COMSEC → Type 1 Install)
- COMSEC & Type‑1 Provisioning Operational Plan
- Interoperability & Failure‑Mode Tabletop
- Decision & Acceptance Criteria Review
- Assign owners for each mitigation and rollback action to remove ambiguity in a live event.
- COMSEC Handling and Custody Overview
- Establish a validated COMSEC and Type‑1 provisioning timeline with clear custody and staffing commitments.
- Map each required RMF artifact to an owner and delivery date to avoid accreditation rework.
- Agree contingency actions to mitigate common provisioning delays or key custody issues.
- Deliver the COMSEC custody matrix listing custodians, approval authorities, and handling procedures.
- Confirm and publish the NSA‑certified engineer roster with committed availability windows for provisioning and install.
- Create an RMF artifact tracker mapping provisioning events to evidence needed for ATO submission.
- Define Critical Interoperability Points
- Validate that the deployment plan contains robust mitigations for realistic failure modes and preserves mission continuity.
- Agree clear test acceptance criteria and escalation paths for interoperability exceptions.
- One‑Sentence Current State
- Produce a tabletop report documenting scenarios, root causes, mitigations, and residual risks.
- Finalize and publish interoperability test scripts and acceptance criteria for field execution.
- Assign and confirm on-call escalation contacts for the install window with backup coverage.
- Recap: Current State, Consequence, Future State, and Proof
- Obtain explicit mutual commitment to proceed with the proposed plan, including milestone dates and responsible owners.
- Finalize measurable acceptance criteria tied to RMF evidence and ATO milestones so there is no ambiguity at acceptance.
- Confirm procurement lead times and lock staffing commitments that were presented during the Solution Experience.
- Produce the Solution Experience Summary (one-page) containing current-state, consequence, future-state, proof highlights, and agreed milestones for signatures.
- Create a procurement and staffing commitment tracker with delivery dates and named engineer commitments.
- Schedule the Pre‑Deployment Readiness checkpoint and assign owners for evidence collection prior to fieldwork.
- Produce one agreed single-sentence current-state that all parties confirm.
- Surface and quantify the concrete consequences (time, cost, mission risk, accreditation delay) tied to not addressing the problem.
- Identify the stakeholders whose signoff is required during the Solution Experience and their definition of 'good'.
- Publish the agreed one-sentence current-state to the shared channel and attach quantified consequence metrics.
- Produce an initial stakeholder map with names, roles, and success criteria for use in subsequent sessions.
- Collect and share any pre-read artifacts (network diagrams, accreditation history, recent outages) required for the walkthrough.
- Identify required hardware/firmware versions and confirm device procurement staging and lead times against the proposed schedule.
- Future‑State One‑Line Recap
- Prove, step-by-step, that the proposed deployment achieves the agreed future-state and eliminates the documented consequences.
- Obtain customer confirmation at each validation checkpoint that the approach meets their operational definition of 'good'.
- Agree on the primary sequence of activities, cutover windows, and rollback criteria.
- Produce an annotated deployment runbook showing tasks, owners, durations, and validation checkpoints tied to RMF evidence.
- Schedule a hands-on staging window and assign the lead NSA‑certified engineer for the staging exercise.
- Consequence Quantification
- Tabletop Scenario 1: Cutover with Minimal Disruption
- Type‑1 Device Staging & Provisioning Timeline
- Scenario Context & Assumptions
- Deliverables & Measurable Acceptance Criteria
- NSA‑Certified Staffing & Roles
- Stakeholder Impact Map
- Stepwise Deployment Sequence (Proof)
- Procurement Lead Times & Staffing Commitments
- Tabletop Scenario 2: Device Failure During Cutover
- Milestones, Signoffs, and Mutual Commit
- Accreditation Evidence Mapping
- Tabletop Scenario 3: Accreditation Exception / Interop Mismatch
- Mission Continuity Safeguards
- Agreement & Validation
- Agree Test Acceptance Criteria & Escalation
- Next Steps & Owner Assignment
- Contingency for Key Material & Chain of Custody
- Validation Checkpoints & Metrics
- Forced Validation
- Customer Q&A and Validation
-
Solution Scope
Define deliverables, NSA-certified staffing, cross-domain modules, equipment staging, responsibilities, and measurable acceptance criteria tied to RMF cycles.
Scope Configuration
- Install Type-1 Encryptors and Perform Key Injection
- Deploy and Configure Cross-Domain Guard Appliances
- Implement VLAN/VRF Segmentation Across Classified Enclaves
- Apply DISA STIG Hardening to Network Devices and Servers
- Install and Certify Fiber Optic Links Between Enclaves
- Install and Configure Core and Edge Switches with QoS
- Provision Encrypted WAN Circuits and Configure Secure Tunnels
- Stage and Validate Encryption Firmware, Licenses, and Modules
- Perform COMSEC Key Custody Transfer and Inventory
- Execute Interoperability Testing and Resolve Protocol Conflicts
- Harden and Configure Classified Workstations per STIGs
- Implement Cross-Domain Transfer Rules and Content Filters
- Deploy Guarded Remote Access Gateway with MFA
Scope Questions
Install Type-1 Encryptors and Perform Key Injection
- How many Type-1 encryptor units need to be installed?
- Which classification levels must the encryptors support?
- Do you require on-site NSA-certified key injection, or will a controlled remote keying process suffice?
- Are the installation locations cleared for Type-1 COMSEC handling and NSA-certified personnel?
- What are the acceptance criteria for successful installation and keying (e.g., OTDR results, crypto self-tests, authorizing official signoff)?
- What is the target schedule/window for injection and activation (dates or lead time required)?
Deploy and Configure Cross-Domain Guard Appliances
- Which enclaves/domains will the guard connect (list classification pairings)?
- What throughput and latency requirements must the guard support (GB/s, concurrent sessions)?
- Do you have existing guard appliance models preferred or approved for use?
- What policy enforcement capabilities are required (file type filtering, AV scanning, label-based transfer)?
- Are there accreditation or ST&E requirements the guard must pass prior to go-live?
- Who is the authorizing official or accreditation POC for guard acceptance testing?
Implement VLAN/VRF Segmentation Across Classified Enclaves
- How many enclaves and unique VLAN/VRF domains need segmentation?
- What are the logical separation requirements (east-west isolation, management VLANs, shared services)?
- Are there existing VLAN/VRF configurations to map or migrate?
- Do you require automated enforcement (SDN/ACL automation) or manual ACL implementation?
- What acceptance tests will validate segmentation (traffic isolation tests, penetration tests, RMF evidence)?
- List any legacy systems or OT devices that cannot be segmented conventionally and require exceptions.
Apply DISA STIG Hardening to Network Devices and Servers
- Which device types need STIG hardening (routers, switches, firewalls, servers, workstations)?
- Do you already have STIG baselines or a hardening checklist to apply?
- Are there maintenance windows or change control constraints for applying STIGs?
- Do you require automated SCAP/ACAS scanning and remediation reporting as part of the scope?
- What level of evidence is required for RMF packages (STIG checklists, DISA reports, remediation plans)?
- Are any devices running vendor software versions incompatible with current STIGs and require upgrades?
Install and Certify Fiber Optic Links Between Enclaves
- How many fiber runs and what distances separate the endpoints?
- Is dedicated, physically secured conduit available for fiber staging and installation?
- Do you require OTDR, end-to-end certification, and acceptance certificates as deliverables?
- Are there environmental or EMCON constraints affecting routing or equipment placement?
- Will fiber termination include secure enclosures and tamper-detection requirements?
- What acceptance criteria constitute a certified link (loss budget, OTDR splice loss, MSA test results)?
Install and Configure Core and Edge Switches with QoS
- How many core and edge switches are in scope for installation/configuration?
- What QoS policies are required (voice priority, video, mission-critical application classes)?
- Do switches require FIPS-compliant management, TACACS+/RBAC, and audited syslog forwarding?
- Are there chassis/module compatibility or license constraints to consider?
- Will you require staged configuration templates and a rollback/test plan before production cutover?
- What performance validation tests will be used to verify QoS (traffic generators, MOS scores, jitter/latency metrics)?
Provision Encrypted WAN Circuits and Configure Secure Tunnels
- Which WAN circuit types and providers are in scope (MPLS, DIA, satellite, tactical radios)?
- What encryption endpoints and tunnel types are required (IPsec, GRE over IPsec, MACsec, TLS)?
- Are service provider demarcation points and ordering lead times already confirmed?
- Do circuits require FIPS-certified crypto endpoints or Type-1 termination?
- What acceptance tests and KPIs will validate the encrypted circuit (throughput, failover, MTTR)?
- Is there an expected cutover window or zero-downtime requirement for WAN migration?
Stage and Validate Encryption Firmware, Licenses, and Modules
- Do you require pre-staging of firmware and license keys in a controlled environment before field deployment?
- Which firmware versions and module types are approved for use?
- Are license counts and entitlements already purchased and documented?
- Will staged units require firmware hardening or custom images for accreditation?
- What validation tests should be executed during staging (crypto self-test, interoperability matrix, regression tests)?
- Who owns firmware change control and who must approve firmware versions for production?
Perform COMSEC Key Custody Transfer and Inventory
- How many key packets or COMSEC items must be transferred and inventoried?
- Are receiving sites accredited COMSEC custodian facilities with approved storage and handling procedures?
- Do transfers require escorted movement, SCIF-to-SCIF handoff, or logged chain-of-custody forms?
- Will inventory reconciliation be electronic (KMI/CKM) or manual paper inventory?
- What acceptance criteria define a successful custody transfer (signed receipts, audit trail, inventory match)?
- Who are the authorized COMSEC custodians and what are their clearance levels?
Execute Interoperability Testing and Resolve Protocol Conflicts
- Which vendors and device models must be tested for interoperability?
- What protocols and versions are in-scope (BGP, OSPF, EIGRP, STP variants, SNMP versions)?
- Do you have an existing interoperability matrix or test plan, or do you need one developed?
- What are the criteria and escalation path for resolving protocol conflicts (workarounds, firmware changes, vendor fixes)?
- Are lab or emulation environments available for pre-deployment interoperability testing?
- What pass/fail metrics will be used (session stability, failover behavior, performance under load)?
-
Mutual Commit
Finalize terms, procurement lead times, ATO milestones, staffing commitments, and remediation responsibilities to lock the plan.
Agreement Modules
- Statement of Work (SOW)
- Master Services Agreement (MSA)
- Pricing & Payment Schedule
- Procurement & Lead-Time Acknowledgement
- ATO Milestone Plan
- Staffing & NSA-Certified Personnel Commitment
- COMSEC Handling & Type 1 Installation Plan
- Equipment Staging & Logistics Plan
- Change Order & Scope Adjustment Protocol
- Acceptance Criteria & RMF Evidence Checklist
- Remediation & Residual Risk Agreement
- Facility Access & Clearance Confirmation
- Governance, Reporting & Escalation Plan
- Transition to Sustainment & Warranty Terms
- Contract Signature / Purchase Order
-
Deployment
Operationalize rollout with readiness checks, enablement, and outcome validation.
-
Pre-Deployment Readiness
Verify facility clearances, COMSEC handling plans, staging inventories, access windows, and test environments before fieldwork.
Readiness Questions
Quick Read: Where We Stand Right Now
- In one sentence, how would you describe your program’s current readiness for a classified deployment?
- What is your target window for fieldwork to begin?
- Which of these is the primary driver for this deployment right now?
- Who is the single point of contact we should coordinate pre-deployment logistics with (name, role, phone/email)?
- If you had to rank confidence in starting fieldwork as of today, where would you put it?
What Keeps You Awake at Night About the Field Work?
- If one thing goes wrong on day one of fieldwork and it causes a mission delay, what would that one thing most likely be?
- How often have past deployments on similar programs encountered schedule slips due to access or clearance issues?
- Tell us about a previous deployment hiccup that still influences how you plan today—what happened and what was the downstream impact?
- Which outcome worries you more emotionally: mission downtime during cutover, failing accreditation tests, or not having enough certified staff on-site? Explain.
- How long can the mission tolerate a deployment-related outage before leadership escalates?
Who Has the Keys—and Will They Be There?
- Do the facilities where work will occur already have the required personnel clearances and facility accreditation levels?
- Who controls physical and logical access during installation (e.g., facility security officer, base operations, contractor escort)? List roles and names where possible.
- Are there scheduled access windows or blackout periods we must plan around (e.g., exercises, holidays, blackout dates)?
- What escorting or badging requirements will our engineers need to meet before entry (e.g., escorted access only, inbound visitor badges, COMSEC room clearance)?
- Describe any previous delays caused by access or escort logistics and what solved them.
COMSEC and Cryptographic Material: Are We Really Ready?
- If our COMSEC chain is even one link short on day zero, how quickly can you escalate and resolve it—hours, days, or weeks?
- List who is currently authorized as COMSEC custodians and whether custody transfer procedures are documented and practiced.
- Which categories of cryptographic material will we need to stage (Type 1 keys, key encryption keys, device fills, or tokens)?
- Have you previously experienced delays due to COMSEC handling or courier limitations? If so, how was it mitigated?
- How comfortable are your custodians with rapid in-field keying events and the associated recordkeeping?
Staging, Inventory, and Logistics: Can Your Chain Handle It?
- If staging is delayed by 2–4 weeks due to supply or shipping issues, which components would cause the biggest program impact?
- Do you currently have an updated bill of materials (BOM) with serials, firmware versions, and vendor part numbers for every device to be staged?
- Where will staging occur (on-site secure facility, vendor staging yard, other government facility), and what physical security controls are in place there?
- Tell us about your inventory reconciliation cadence—how often do you verify serials, bin counts, and firmware baselines before shipping to the field?
- What are the top three logistics failure modes you want us to plan contingencies for?
Test Grounds and Fail-Safes: Where Will We Break Things First?
- Why would running without a field test environment be risky for this deployment?
- What type of test environment can you provide before fieldwork—lab with representative enclave, emulated network, or on-site sandbox?
- Which interoperability tests are mandatory to pass prior to installing in the production enclave?
- How do you prefer we handle test failures that require a design change—immediate stop to redesign or continue with mitigations and patch later?
- Describe the last time a test uncovered an interoperability exception and how that was resolved operationally and politically.
People and Teams: Do We Have the Right Hands-on-Deck?
- If we needed to put NSA-certified engineers on site tomorrow, how many are cleared and available from your side for the initial 30 days?
- List the roles you expect to have on-site during fieldwork (e.g., NSA-certified crypto engineers, network engineers, facility security, AO representative) and who fills them today.
- How disruptive would it be to pull mission staff into installation activities if contractor staffing falls short (minor, moderate, major impact)?
- What training or ramp-up do your in-house engineers typically need before they can safely support Type 1 installations?
- Are there union, labor, or site-specific constraints that affect contractor hours, overtime, or after-hours work?
If the Plan Slips: What’s Our Real Backup?
- When timelines slip, what contingency has historically preserved mission continuity (e.g., temporary bridging, phased cutover, fall-back circuits)?
- How quickly can your program activate a fall-back plan if an accreditation test fails at final validation?
- What operational compromises are acceptable during remediation (reduced bandwidth, scheduled windows only, degraded cross-domain capability)?
- Who must sign off to trigger the contingency plan and how reachable are they during field operations?
- Describe a contingency activation you ran before—what worked, what failed, and what you would change next time?
Signoffs, Evidence, and the Path to Green
- What is the minimal set of RMF evidence and accreditation artifacts your AO will require at final validation to accept the deployment?
- Who is the Authorizing Official (AO) or AO’s representative we should engage early, and how do they prefer evidence presented?
- Have you ever had an AO reject acceptance because evidence format or traceability was insufficient? What was missing?
- Would you prefer our team pre-package accreditation folders for review (recommended), or to provide raw artifacts for your integration?
- What would success look like to your leadership at handover, in one short sentence?
-
Deployment Enablement
Schedule installs, assign NSA-certified engineers, sequence encryption device provisioning, and coordinate interoperability testing.
-
Validation Checklist
Execute accreditation acceptance tests, capture RMF evidence, resolve interoperability exceptions, and obtain authorizing official signoff.
Validation Questions
Quick Intro — What Brought You Here Today?
- What's the primary trigger prompting you to explore secure network modernization right now?
- Which program or mission does this modernization support (name or short description)?
- What is your decision timeframe to have a deployed, accredited capability?
- Who would you like to have in the room for an initial technical intake (roles, names or offices)?
- On a scale from 1–5, how urgent does this program feel to your leadership (1 = advisory, 5 = mission-critical with deadline)?
Are You Comfortable Betting the Mission on 'Good Enough'?
- If a modernization hiccup interrupted classified communications for 24–72 hours, what would happen to mission operations?
- Can you describe a recent outage, failure mode, or near-miss that affected secure connectivity and what the immediate impact was?
- Which workloads or systems are most sensitive to connectivity loss (select all that apply)?
- How long could the mission continue without classified connectivity before unacceptable risk occurs?
- How worried are you—emotionally—about the risk of disruption during modernization efforts?
Show Me Your Map — Where Does the Network Hurt?
- Where in your current topology are data flows most likely to break mission continuity right now?
- Do you have up-to-date network diagrams and enclave boundary definitions that reflect current state?
- List the classification enclaves involved and any known accreditation gaps for each (e.g., CUI, Secret, Top Secret, Cross Domain).
- Who currently manages COMSEC custody and Type 1 provisioning for these enclaves?
- How frequently have interoperability tests between encryption devices or CDS components failed in the last 12 months?
What’s at Stake — How Bad Would It Be if This Fails?
- If accreditation stalls and your ATO timeline slips, what are the programmatic consequences?
- Have prior accreditation reviews required remediation that extended schedules? Tell us about the worst example.
- Who is the Authorizing Official (AO) or equivalent decision authority, and what outcomes will satisfy them?
- What specific accreditation evidence has been most difficult to produce or defend in past RMF cycles?
- How does the possibility of mission disruption make you feel when you brief leadership?
If Accreditation Couldn’t Be Your Bottleneck, What Would You Deliver?
- Imagine accreditation is guaranteed—what measurable connectivity outcomes would you expect at handoff?
- What are the target bandwidth, latency, and availability SLAs required for the mission?
- Which Zero Trust capabilities are non-negotiable for your program (select all that apply)?
- What objective success signals will you present to your AO to demonstrate mission readiness?
- Is there a hard accreditation deadline set by leadership or external policy that cannot be moved?
Who Are the Real Decision-Makers (and Hidden Gatekeepers)?
- Who in your organization can singlehandedly delay or accelerate accreditation, procurement, or access?
- For each stakeholder you selected, what does 'good' look like to them and how do their priorities differ?
- Are there external stakeholders (e.g., combatant commands, IL2/IL3 authorities) who must be aligned? If so, who?
- How do political, budgetary, or calendar constraints (e.g., end of fiscal year, deployment windows) affect your timeline?
- What is your preferred escalation path and cadence when decisions stall?
Where Have Attempts to Modernize Fallen Short?
- What previous modernization efforts delivered the worst surprises, and why did those surprises happen?
- Which vendors or approaches have you tried, and what specifically did you ask them to fix that wasn’t resolved?
- Which failure modes caused the longest remediation cycles (documentation gaps, device interop, COMSEC mishandling, staffing shortages, procurement delays)?
- How long did remediation take in your worst-case example, and what blocked progress most of the time?
- What would have changed your confidence in that past effort—better staffing, clearer acceptance criteria, earlier COMSEC staging, or something else?
Who’s Going to Touch the Boxes — Are They Ready?
- Do you have assured access to cleared, NSA-certified engineers when the schedule is critical?
- How many NSA-certified engineers (or equivalent) are available to support installation and Type 1 provisioning when needed?
- What is the current status of facility clearances and COMSEC handling authorizations at target sites?
- What access windows, staging constraints, or installation blackout periods should we plan around?
- If certified engineers become unavailable, what contingency options exist (alternate contractors, delayed install, phased approach)?
What Would a Smooth Deployment Feel Like in the First 30–90 Days?
- If deployment goes flawlessly, what will you observe on day 1, week 4, and day 90?
- Which acceptance tests and RMF evidence items must be completed for the AO to sign off?
- How many interoperability exceptions are acceptable at handover, and how will they be prioritized for remediation?
- What training or sustainment handover will your operations team need to take responsibility after deployment?
- How would you prefer ongoing support and compliance responsibilities be divided between your team and a vendor?
What Keeps You Up at Night in the Final 72 Hours?
- What's the single biggest last-minute surprise that has derailed previous installs?
- What pre-deployment checks do you wish had been done earlier to avoid that surprise?
- Do you maintain a formal staging inventory and chain-of-custody process for COMSEC and cryptographic equipment?
- Who is authorized to approve last-minute changes to installation sequencing or access permissions?
- If we identified a showstopper 48 hours before install, what is your preferred mitigation path?
Agreeing Small Next Steps — How Do We Make This Real?
- If we don't lock a next step now, what is the realistic chance this program slips beyond your deadline?
- What is the most useful immediate next step from your perspective: technical architecture assessment, COMSEC staging plan, procurement lead-time review, or a stakeholder alignment workshop?
- Who must approve any follow-up activity and who should receive an executive summary after the next engagement?
- What documents or artifacts can you share before the next meeting to accelerate discovery (network diagram, SSP, COMSEC manifest, procurement timelines)?
- When would you be available for a focused 90-minute technical intake with your technical leads and AO representation?
-
-
Success
Confirm operational outcomes, transition to sustainment, and maintain a shared channel for issues, enhancements, and ongoing compliance.
Success Reviews
- Operational Acceptance & Handoff Review
- Sustainment & Support Playbook Workshop
- Compliance, RMF & Accreditation Maintenance Sync
- Issues, Enhancements & Shared Channel Setup
- Lessons Learned & QBR Cadence Planning
Issues & Enhancements
- Populate an initial enhancement backlog and schedule a recurring triage cadence.
- RMF Calendar & Key Deadlines
- Set a documented RMF cadence with owners for each evidence artifact.
- Establish a POA&M process with SLA targets and accountable owners.
- Agree automation opportunities to reduce manual evidence collection and minimize rework.
- Map evidence artifacts to named owners and automate collection where possible.
- Create the POA&M tracking board and assign remediation SLAs.
- Publish patching/STIG schedule aligned to maintenance windows and notify stakeholders.
- Define Shared Channel & Access Model
- Stand up a shared, access-controlled channel and ticketing workflow for incidents and enhancements.
- Agree incident severity definitions, SLAs, and escalation owners.
- Introductions & Objectives
- Create and configure the shared channel and ticketing workflows with appropriate access controls.
- Document severity matrix and publish on the channel; assign on-call rotations.
- Import initial enhancement requests into backlog and schedule first prioritization meeting.
- Project Recap & Key Outcomes
- Produce a concise lessons learned report with assigned improvement actions.
- Agree on a set of KPIs and QBR cadence to monitor operational health and compliance.
- Publish an initial 90-day improvement roadmap and owner assignments.
- Draft and distribute the lessons learned report with owners and deadlines for improvement items.
- Define KPI dashboards and assign owners for ongoing reporting.
- Schedule recurring QBR meetings and distribute the standard agenda and invite list.
- Secure Authorizing Official formal acceptance or a timebound remediation plan that results in acceptance.
- Confirm the exact cutover date and scope for transition to sustainment operations.
- Ensure all accreditation evidence is handed to sustainment and compliance owners.
- Obtain AO signature or documented approval and archive acceptance artifacts.
- Deliver finalized accreditation/evidence package to sustainment team and ATO owner.
- Publish transition schedule with agreed checkpoints and remediation milestones.
- Current Support Model Recap
- Produce a signed sustainment playbook covering roles, SLAs, maintenance cadence, and COMSEC procedures.
- Confirm sustainment staffing roster and NSA-certified coverage for planned windows and emergency installs.
- Schedule training/shadowing milestones to ensure knowledge transfer to sustainment staff.
- Finalize and distribute the sustainment playbook with RACI and SLAs.
- Provide clearance and certification roster for sustainment engineers and schedule shadowing.
- Provision and document spare kit inventory and staging plan.
- Incident Triage & Severity Matrix
- Evidence Collection & Automation
- Roles, RACI & Staffing Coverage
- Acceptance Criteria Review
- Lessons Learned: What Worked / What to Improve
- Enhancement Request Lifecycle
- Evidence Package & AO Findings
- POA&M Lifecycle & Remediation SLAs
- SLA, MTTR & Maintenance Window Definitions
- KPI Definition & Targets
- Patch & STIG Compliance Process
- Reporting, Dashboards & Notifications
- QBR Format, Cadence & Stakeholders
- COMSEC Custody & Type 1 Device Handling
- Open Exceptions & Remediation Plan
- Signoff, Handoff Date & Next Steps
- Inventory, Spare Kits & Lifecycle Management
- Access & COMSEC Data Handling Rules
- Roadmap & Improvement Backlog
- ATO Change Triggers & Notification Process
- Training, Runbook Walkthrough & Onboarding Plan