
185 Legacy Systems Modernized 6 Months Ahead of Schedule
The Challenge
The Department of Defense mandated that all legacy systems transition from the outdated DIACAP accreditation process to the more stringent Risk Management Framework (RMF).
For DTRA, this meant:
Overhauling the accreditation of 185+ systems across global environments.
Ensuring compliance under strict timelines to avoid operational disruption.
Managing dozens of consultants and external contractors.
Keeping sensitive systems secure and operational during the transition.
Demonstrating measurable maturity improvements under the DoD’s “Getting to Green” (GTG) and Scorecard program.
The risks included non-compliance, operational downtime, and delayed accreditation, all of which could severely impact DoD missions.
Our Approach
CRG delivered as a subcontractor under the DTRA/Leidos ITSS contract, providing senior ISSO/ISSE support, enterprise risk management, and RMF expertise.
Global Program Leadership
Managed a global team of 70 information security professionals across multiple sites.
System Transition Oversight
Directed the full migration of 185+ information systems from DIACAP to RMF using DISA’s eMASS enterprise platform.
Risk and Compliance Management
Led enterprise risk assessments, vulnerability/POA&M management, and IV&V oversight for new processes.
Strategic Advisory
Advised the CIO and CISO on cyber strategy, planning, and maturity improvement initiatives.
Metrics & Performance Development
Built measurable performance indicators to track compliance, cyber risks, and system readiness across the agency.
Budget Optimization
Oversaw a $55M annual cybersecurity budget, ensuring maximum ROI and cost efficiency.
Incident Oversight
Supervised the evaluation and implementation of tools and applications for anomaly detection, incident response, and remediation.
The Results
Measurable Outcomes:

185+ systems successfully transitioned to RMF 6 months ahead of schedule.

$55M budget optimized, achieving cost efficiency while strengthening security ROI.

70+ consultants and contractors effectively managed and aligned to mission outcomes.

Strengthened compliance under NIST RMF, meeting DoD accreditation requirements.

Supported the DoD’s GTG and Scorecard program, enhancing executive-level reporting and risk quantification.

Improved operational resilience and reduced compliance risk across DTRA’s global enterprise.
DTRA achieved one of the most complex RMF transitions in the DoD — faster, more cost-efficient, and with stronger compliance than anticipated.

Why It Matters
This project proved that large-scale government system transitions can be delivered ahead of schedule and under budget with the right expertise and leadership.
For the DoD, the benefits were clear:
Operational Assurance
No disruption to mission-critical defense operations.
Compliance Confidence
Full RMF alignment across 185+ systems.
Cost Efficiency
Optimized use of a $55M annual budget.
Maturity Gains
Improved performance under the DoD’s GTG and cybersecurity scorecard benchmarks.
Client Perspective
While client quotes remain confidential, DTRA leadership consistently recognized CRG’s role in:
Lessons Learned & Best Practices

