Kelly Jones

Responsible for the assimilation and maintenance of classified and unclassified Defense Security Service (DSS), and Navy RDT&E developmental systems/applications Authorizations to Operate (ATO) packages, testing packages (IATTs) and Operational ATOS for fleet operations of newly developed systems within the RMF framework. NQV LVL3 Validator, managing auditing/testing of packages, and creation/maintenance of all documentation for ONR from creation to completion of requested ATO/ATT/Use Case, etc. Command SME concerning all RMF processes, protocol and required documentation. Serve as Cybersecurity/RMF SME for several ONR Programs. Acting ISSE for over $3 million in programs.

Instruct from 2 to 3 online, 3 hour certification classes on a weekly basis in 8 week increments for each. Provide onsite intensive instruction to corporate clients as requested. Curriculum developer and SME for all things Cyber-related. Weekly provide one on one online/telecon tutoring as for students in all certifications

Weekly assist in the auditing/assimilation of 30+ eMASS packages for the various ECH II Commands supported by the Navy Authorizing Official from creation to completion of requested ATO/ATT/Use Case, etc. This includes ECH II/Program assistance, RMF Checkpoint Collaborations, Way Forward Meetings, Formal ATO letter creation, artifact and eMASS package review. Proficient in package management within eMASS. Auditing includes eMASS package details, SLCM, ISCM, Categorization Forms, E-Authentication and PIA, HW/SW/INFO Flow, all package diagrams, PPSMs, CCSDs, DITPR-DON/DADMS audits, Wireless and Mobil Policy, Contingency Plans, Accreditation diagrams and details to include flow, authorization boundaries, IS Architecture, Network Connections, Interconnected IS and Identifiers. Proficient in the application and traceability of Security Controls throughout the Security Plan, System Assessment Plan, Risk Assessment Report, POAM and supplementary artifacts. Experienced in Tier 1, 2, 3 and manual inheritance of Security Controls, hybrid, system specific controls and the importance of validating Non Applicable controls for a packages risk posture. If its in the RMF or DIACAP process and needs to be reviewed, audited or discussed, I do it! Responsible for mentoring new CSAs to insure immediate integration as auditors within current Team. Created new team templates for all auditing prior to Step 2 and 5 Checkpoints to insure granular package reviews.