CAT FAQ & Abbreviations
Overview
This page provides answers to common questions from product teams regarding CAT policies and processes. It centralizes frequently asked questions to help teams quickly understand requirements, navigate CAT workflows, and resolve common issues efficiently.
FAQ
When do I need to renew my Certificate to Field?
A CtF renewal is required under the following conditions:
- Annually (mandatory for all teams)
- Major version changes (e.g., v1 to v2), typically driven by significant updates such as:
  - Changes to the architecture diagram
  - Introduction of new pipelines
  - New or modified external system connections
If you’re unsure whether a change requires a renewal, engage P1 Cyber in your project’s CtF channel in Mattermost and provide details of the proposed updates. They will help determine if a renewal is necessary.
Important: A CtF renewal is treated the same as a new authorization. All supporting artifacts, including documentation and SD Elements (security controls/countermeasures), must be updated and reapproved.
My team is planning to deploy an IL6 instance through DAF Cloudworks. We already have an approved CtF, but it does not include IL6. Do we need to submit a P1 or Party Bus Help Desk ticket?
Not necessarily. If you already have an approved CtF, you typically do not need to submit a new request ticket solely to add IL6. Instead, the existing CtF can be updated and reapproved to include the new environment. Expanding to IL6 is treated as a modification to an existing authorization, not a new request (provided your current CtF remains valid). The process below should be followed:
- The CAT reviews the request and updates the existing CtF letter to include IL6 (staging and production environments).
- The updated CtF is routed for CISO approval.
- The AO signs the revised CtF.
- Once the updated CtF is fully approved and explicitly includes IL6, the Product team submits a production deployment request to MDO for the IL6 environment.
Assessments
| Name | Description |
|---|---|
| Path to CtF Cybersecurity Assessment | The P1 Cybersecurity CtF process provides Party Bus customers with a CtF authorization to deploy applications at ILs 2/4/5/6 for U.S. military customers, IAW all NIST 800-53 controls and the Cloud Computing Security Compliance Guide. |
Services
| Name | Description |
|---|---|
| DevSecOps Pipeline Security | The CAT provides DevSecOps services to the Party Bus pipeline by implementing OWASP ZAP and Twistlock scans and testing. |
| DAST and SAST | Through the use of SonarQube and GitLab SAST, the CAT can work with the teams and MDO to research security hotspots and reinforce secure coding best practices. |
| Customer Engagement | The CAT engages daily with both current and potential Party Bus customers to shape and deconflict requirements and to resolve blockers during the CtF process. |
| Trouble Ticket Triaging | All cybersecurity tickets are triaged by the CAT. |
| Customer Advocacy | The CAT also advocates for the product teams with platform enablers (i.e., MDO, Cyber VS, ISSM, ISSO, and PB CS) to find solutions that benefit the product teams while assuring compliance with P1 ATOs. |
| Cybersecurity Onboarding | The CAT performs initial cybersecurity onboarding meetings with all product teams entering the CtF process. |
| Cybersecurity Mentorship | The CAT works with teams to improve their application's cybersecurity posture throughout the CtF process. |
| BoE Generation | As part of the CtF process, the CAT builds the BoE for each app IAW the P1 ATO. |
| Continuous Monitoring | Through the use of SD Elements, the CAT performs continuous monitoring for all apps in the Party Bus pipeline, ensuring NIST 800-53 compliance throughout the CtF lifecycle. |
| Penetration Testing | The CAT performs penetration testing on apps in staging to reinforce the pipeline's integrated security tools. |
| Enabling Secure Coding Best Practice | The CAT reinforces secure coding best practices by working with developers to bridge the gap between well-written code and securely written code. |
