AROWS - ISSO/RMF Lead

Mission Objectives :

The

ISSO/RMF

Lead is responsible for RMF compliance across two ATO systems ? ANG-DSS and AROWS ? supporting a shared user base of approximately 120,000 ANG service members (200,000+ total user accounts) across the ANGRC and 90 GSUs. This position ensures continuous compliance under FIAR and FISMA audits, maintains all system security artifacts within eMASS, manages

DISA STIG

implementation, and provides cybersecurity subject matter expertise

IAW AFI 33-200, AFMAN

33-282, and

DODI 8510.01.

Position Responsibility Summary:

Maintain system security artifacts (policies, procedures, evidence) for ANG-DSS and AROWS to support RMF control compliance

IAW AFI 17-101

Document risk control item changes and manage eMASS records for both systems (26 Control Families, 431 Security Controls, 1,847 Assessments) Develop and maintain POA&Ms on all non-compliant controls; report progress in Monthly Status Reports Identify and implement

DISA STIG

requirements; coordinate remediation schedules with ANGRC IA and Network operations teams Review and implement security measures to meet IA/RMF directed actions from MTOs and STIGs Manage access control compliance for ~120K end-users: access request review, denials/approvals, inactivity suspensions, account restoral, and audit corrective actions Prepare reports and artifacts supporting DoD-initiated audits (FIAR/FISMA); develop Corrective Action Plans for audit findings Conduct annual RMF package reviews to ensure ATO maintenance; support eMASS-to-ITIPS data migration Verify all software purchases with ANGRC software manager to support vulnerability and security checks Manage risk management security software (Fortify or equivalent) for vulnerability scanning and correction Maintain and update security-related SOPs and protocols Provide SIEM expertise for real-time network visibility and cyberthreat detection/response Support CMDB/Enterprise Integration in alignment with

SAF/FM CIO

initiatives Support NGB/A1 responses to taskers and data calls regarding system health and ROI