Elevator description: "MAAP is a technique for assuring completion of defined missions by identifying and analyzing operational risks affecting mission-critical processes. MAAP is designed for the complexities of modern operational environments, where distributed management of processes and technologies is commonplace. It provides a systematic approach for sorting through the complexities inherent in distributed environments, resulting in a roadmap for improvement."
Project objective: The initial objective of the MAAP project is to establish an approach for defining and analyzing security practices in complex operational environments, where responsibility for performing a practice is distributed across multiple enterprises.
Broader implications: MAAP defines an approach for analyzing mission-critical processes and technologies. Because it incorporates advanced analysis techniques, MAAP can be applied to environments that are too complex for traditional risk analyses. It is also domain independent, making it applicable to any environment in which management control of processes or technologies is distributed. Future applications can include software assurance, definition and analysis of security practices, supply chain management, and multi-enterprise risk management.
Technical approach: MAAP will be piloted in diverse operational environments. The first pilot is focused on incident management and will result in a basic definition of the technique. A "freeware" toolkit containing specific methods and tools to support applications of MAAP will be developed over time.
Customer benefits: MAAP provides customers with a systematic analysis of distributed processes and technologies. Current risk analysis techniques cannot handle the dependencies and interrelationships inherent in these environments.
Schedule and status: The first pilot of MAAP focuses on incident management. The pilot will be completed in May 2005. We are currently looking for pilots in other domains.
Target customers: Information assurance and security organizations, software development and acquisition organizations, both commercial and government.