Army military, civilian and contractor personnel work around the clock to deliver the "zero trust" model on all DOD platforms. (Photo Credit: GFEBS)
Mission Area
January 9, 2023
PEO EIS’ General Fund Enterprise Business System (GFEBS) achieved a milestone last fall in the way the Army validates cloud-based enterprise resource planning (ERP) systems for cybersecurity protection policies, practices and controls.
On Oct. 14, GFEBS concluded the first-ever purple team cybersecurity assessment for an Army ERP. The testing, conducted by PEO Simulation Training and Instrumentation’s Threat Systems Management Office (TSMO), involved a combination of red team (attacker) and blue team (defender) activities. It took six months to plan, coordinate and execute the joint event between GFEBS and its mission support partners.
The teams used a newly developed rules of engagement format, which allowed GFEBS’ cybersecurity vulnerability plan to be simultaneously vetted for insider and outsider threats, system security controls and operational response. Previously, each assessment had been planned and conducted in separate calendar cycles.
“The GFEBS program has achieved substantial cost savings and operational efficiencies by not having to dedicate resources and travel funding for multiple events,” said Robert Porter, acting product director, GFEBS. “We anticipate that all other PEO EIS ERPs will be able to take advantage of the process that we developed and piloted.”
The event showed GFEBS’ ability to ensure it can safely and effectively mitigate cybersecurity threats and continue to dynamically support the Army’s financial community.
GFEBS, the Army’s cloud-based financial, asset and accounting management system, has continued to achieve new milestones since its July 2020 migration to the cloud. The GFEBS team is continually innovating ways to perform assessments and evaluations of cybersecurity posture and business processes for Army compliance and best business practices.
GFEBS, including its classified component known as GFEBS – Sensitive Activities, is part of EIS’ Defense Integrated Business Systems portfolio.