All SMS BRED customers, we are requesting an extension of the current version of BRED 3.5.3 as per the following reference documents:
1. DoD Memorandum, Subject: Cybersecurity Reciprocity, dated March 12, 2014, Reference (a)
2. DoDI 8500.01 Change1, effective October 7, 2019, Subject: Cybersecurity, Enclosure 3, Section 2h.
These two documents are central in addressing the ability to use the overarching SCA-V assessment and the organization's ATO which extends to include all Government Off The Shelf (GOTS) software as the source assessment to replace the now defunct Certification of Networthiness (CON) program.
Since the BRED application was included in our software list during our SCA-V assessment and our ATO-C was granted, the BRED application should be authorized on the network since it has been assessed during that process. Additionally, since the application usually resides on a stand - alone laptop and does not directly connect to the network except to export the updated BRED data file to be imported to the BUILDER SMS application, the security risk level is low.
For further documentation or additional information in support of this action please contact Arthur White, Jr. , Operations Manager @ firstname.lastname@example.org or 910.988.2347