GAO-21-179, WEAPON SYSTEMS CYBERSECURITY: Guidance Would Help DOD .


United States Government Accountability Office
Report to Congressional Committees
March 2021
WEAPON SYSTEMS CYBERSECURITY
Guidance Would Help DOD Programs Better Communicate Requirements to Contractors
GAO-21-179

March 2021
WEAPON SYSTEMS CYBERSECURITY
Guidance Would Help DOD Programs Better Communicate Requirements to Contractors
Highlights of GAO-21-179, a report to congressional committees

Why GAO Did This Study

DOD’s network of sophisticated, expensive weapon systems must work when needed, without being incapacitated by cyberattacks. However, GAO reported in 2018 that DOD was routinely finding cyber vulnerabilities late in its development process.

A Senate report accompanying the National Defense Authorization Act for Fiscal Year 2020 included a provision for GAO to review DOD’s implementation of cybersecurity for weapon systems in development. GAO’s report addresses (1) the extent to which DOD has made progress in implementing cybersecurity for weapon systems during development, and (2) the extent to which DOD and the military services have developed guidance for incorporating weapon systems cybersecurity requirements into contracts.

GAO reviewed DOD and service guidance and policies related to cybersecurity for weapon systems in development, interviewed DOD and program officials, and reviewed supporting documentation for five acquisition programs. GAO also interviewed defense contractors about their experiences with weapon systems cybersecurity.

What GAO Recommends

GAO is recommending that the Army, Navy, and Marine Corps provide guidance on how programs should incorporate tailored cybersecurity requirements into contracts. DOD concurred with two recommendations, and stated that the third—to the Marine Corps—should be merged with the one to the Navy. DOD’s response aligns with the intent of the recommendation.

View GAO-21-179. For more information, contact W. William Russell at (202) 512-4841 or russellw@gao.gov.

What GAO Found

Since GAO’s 2018 report, the Department of Defense (DOD) has taken action to make its network of high-tech weapon systems less vulnerable to cyberattacks. DOD and military service officials highlighted areas of progress, including increased access to expertise, enhanced cyber testing, and additional guidance. For example, GAO found that selected acquisition programs have conducted, or planned to conduct, more cybersecurity testing during development than past acquisition programs. It is important that DOD sustain its efforts as it works to improve weapon systems cybersecurity.

Contracting for cybersecurity requirements is key. DOD guidance states that these requirements should be treated like other types of system requirements and, more simply, “if it is not in the contract, do not expect to get it.” Specifically, cybersecurity requirements should be defined in acquisition program contracts, and criteria should be established for accepting or rejecting the work and for how the government will verify that requirements have been met. However, GAO found examples of program contracts omitting cybersecurity requirements, acceptance criteria, or verification processes. For example, GAO found that contracts for three of the five programs did not include any cybersecurity requirements when they were awarded. A senior DOD official said standardizing cybersecurity requirements is difficult and the department needs to better communicate cybersecurity requirements and systems engineering to the users that will decide whether or not a cybersecurity risk is acceptable.

Figure: Incorporating Cybersecurity in Contracts

DOD and the military services have developed a range of policy and guidance documents to improve weapon systems cybersecurity, but the guidance usually does not specifically address how acquisition programs should include cybersecurity requirements, acceptance criteria, and verification processes in contracts. Among the four military services GAO reviewed, only the Air Force has issued service-wide guidance that details how acquisition programs should define cybersecurity requirements and incorporate those requirements in contracts. The other services could benefit from a similar approach in developing their own guidance that helps ensure that DOD appropriately addresses cybersecurity requirements in contracts.

United States Government Accountability Office

Contents

Letter
  Background
  DOD and the Military Services Have Taken Action to Improve Weapon Systems Cybersecurity
  Selected Programs Struggled to Include Cybersecurity in Contracts, and Most Service Guidance Does Not Address How to Include Cybersecurity Requirements in Contracts
  Conclusions
  Recommendations for Executive Action
  Agency Comments and Our Evaluation
Appendix I: Scope and Methodology
Appendix II: Comments from the Department of Defense
Appendix III: GAO Contact and Staff Acknowledgments

Tables
  Table 1: Key Requirements Documents and Cybersecurity Early in the Acquisition Cycle
  Table 2: Key Contract Documents

Figures
  Figure 1: Department of Defense (DOD) Major Defense Acquisition Program Lifecycle
  Figure 2: Incorporating Cybersecurity in Contracts
  Figure 3: Six Steps of Department of Defense’s (DOD) Risk Management Framework
  Figure 4: Department of Defense’s (DOD) Risk Management Framework in the Acquisition Cycle

Page i GAO-21-179 Weapon Systems Cybersecurity

ief information officer
Cybersecurity Maturity Model Certification
Cyber Resiliency Office for Weapons Systems
Department of Defense
information technology
Marine Corps Assessment and Authorization Process
Naval Air Systems Command
National Institute of Standards and Technology
risk management framework

This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.

Letter

441 G St. N.W.
Washington, DC 20548

March 4, 2021

Congressional Committees

The nation’s network of sophisticated, expensive weapon systems must work when needed, without being incapacitated by cyberattacks. As we reported in 2018, the Department of Defense (DOD) had only recently begun prioritizing weapon systems cybersecurity. [1] Specifically, DOD’s weapon systems acquisition process had struggled to deliver weapons that were cyber resilient, meaning they are still able to fulfill missions in the event of a cyberattack. In its 2019 Annual Report, DOD’s Office of the Director, Operational Test and Evaluation—echoing findings from prior assessments—reported that critical missions remain at high risk of disruption from adversary cyber actions and that DOD continues to field systems without adequate cybersecurity. [2] While DOD is developing and fielding increasingly software-intensive, networked weapon systems as a means of gaining a warfighting advantage, adversaries are making significant investments in offensive cyber capabilities, which they could use against U.S. forces in concert with other types of military attacks.

According to DOD policy, acquisition program officials should plan for and implement cybersecurity protections early and often throughout their program’s lifecycle. Incorporating cybersecurity practices from the earliest stages of an acquisition is typically easier, less costly, and more effective than trying to add, or bolt on, cybersecurity protections late in the development cycle or after a system is fielded. Moreover, because contractors have a key role in designing and building DOD weapon systems, DOD must communicate its cybersecurity requirements in its acquisition program contracts, just as it would with other types of performance requirements. If the government does not include certain specifications in a contract, it runs the risk that modifications will be needed after award that necessitate the negotiation of an equitable adjustment to provide the contractor with additional time and compensation. DOD guidance says simply, “if it is not in the contract, do not expect to get it.”

[1] GAO, Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities, GAO-19-128 (Washington, D.C.: October 9, 2018).
[2] Department of Defense, Director, Operational Test and Evaluation, FY 2019 Annual Report (December 20, 2019).

The Senate report accompanying the National Defense Authorization Act for Fiscal Year 2020 included a provision for us to annually review DOD’s efforts to improve the cybersecurity of its major defense acquisition programs. Our report addresses (1) the extent to which DOD has made progress in implementing cybersecurity protections for weapon systems during development, and (2) the extent to which DOD and the military services have developed guidance for incorporating weapon systems cybersecurity requirements in contracts.

To address both objectives, we reviewed DOD and military service level policies and guidance related to the implementation of cybersecurity for weapon systems in development. [3] Key DOD policies for information assurance, cybersecurity, acquisition, and requirements include DOD Instruction 5000.02, Operation of the Defense Acquisition Systems; DOD Instruction 5000.82, Acquisition of Information Technology; DOD Instruction 8500.01, Cybersecurity; DOD Instruction 8510.01, Risk Management Framework (RMF) for DOD Information Technology (IT); and DOD Instruction 8580.1, Information Assurance (IA) in the Defense Acquisition System. Key DOD guidance documents include the DOD Program Manager’s Guidebook for Integrating the Cybersecurity RMF into the System Acquisition Lifecycle; the DOD Cybersecurity Test and Evaluation Guidebook; the Joint Capabilities Integration and Development System Manual; the Cyber Survivability Endorsement Implementation Guide; the Defense Acquisition Guidebook; the Cybersecurity Strategy Outline and Guidance; and DOD handbooks on contracting activities. Service level guidance is discussed in the body of the report.

To inform each objective, we interviewed officials from several Office of the Secretary of Defense organizations, including the Director, Operational Test and Evaluation; Office of the Chief Information Officer (CIO); Office of the Chairman of the Joint Chiefs of Staff; Office of the Under Secretary of Defense (Acquisition and Sustainment); Office of the Under Secretary of Defense (Research and Engineering); and the Defense Digital Service. We interviewed officials with cybersecurity, contracting, and acquisition responsibilities from four military services as well as five selected acquisition program offices. To select the program offices, we used a purposeful sample of major defense acquisition programs representing, among other things, different services and types of systems. We also interviewed representatives from 10 defense contractors, 10 legal or consultant organizations, four research organizations with cybersecurity expertise, and two defense industry trade groups. A number of issues discussed in this report have been on GAO’s high-risk list for years, including DOD’s weapon systems acquisitions as well as the nation’s cybersecurity. [4] See appendix I for additional information on our scope and methodology.

The focus of this report is contracting for weapon systems cybersecurity, particularly how DOD acquisition programs establish and define requirements and then communicate those requirements to contractors. Since these activities—establishing, defining, and communicating requirements—primarily occur early in the acquisition process, we did not look in-depth at other important cybersecurity activities, such as testing, that occur later in the acquisition process. [5]

In March 2020, during the course of this engagement, the President declared a national state of emergency as a result of the spread of the Coronavirus Disease 2019. Like other federal agencies, GAO implemented changes to curb the spread of the virus. Accordingly, we reduced the scope of our work so that our analysis did not depend on access to systems we use to store and process classified information sources. We plan to include these sources in future work.

We conducted this performance audit from July 2019 to March 2021 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusion based on our audit objectives.

[3] The term “services” in this report generally refers to the Army, Navy, Marine Corps, and Air Force. We did not include the Space Force in this audit because the Space Force was established in December 2019, after this audit began, and has not yet established its acquisition organization. In addition, we determined that the Space Force has not yet published independent policies or guidance related to cybersecurity of weapon systems acquisitions. We also did not include the Coast Guard, which is a component within the Department of Homeland Security.
[4] GAO, High-Risk Series: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas, GAO-19-157SP (Washington, D.C.: March 6, 2019).
[5] In early 2020, DOD introduced the Cybersecurity Maturity Model Certification (CMMC), which prescribes information network security standards certification that defense contractors will eventually be required to achieve before competing for covered DOD contracts. We did not include CMMC in the scope of this work but have an ongoing review that focuses on CMMC.

Background

Modern DOD weapon systems depend on software and IT to achieve their intended performance. [6] Compared to their predecessors, these systems require a greater number of communications paths for sharing information among various types of subsystems as well as with external systems, enabling a range of warfighting capabilities. [7] As outlined in the 2018 National Defense Strategy, DOD plans to continue modernizing key capabilities through investments in software- and IT-intensive systems and technologies, such as advanced networks, automation, and artificial intelligence, as well as through the integration of cyber capabilities into all types of military operations. For example, the Army plans to replace decades-old vehicles, including the Bradley infantry fighting vehicle and the Abrams main battle tank, with new systems that may incorporate autonomous or semi-autonomous operations requiring robust and secure networking capabilities. [8]

Just as the growth of networked or internet-enabled consumer technologies and devices heightens security risks in the face of increasingly sophisticated cyber threats, as we have reported, DOD’s growing dependence on software and IT significantly expands weapons’ attack surfaces. [9] Any exchange of information is a potential access point for an adversary. [10] A system designed and built to exchange information with many other systems or subsystems has more potential vulnerabilities to address than a system that has few such connections.

[6] DOD describes its IT as encompassing a variety of forms that “range in size and complexity from individual hardware and software products to stand-alone systems to massive computing environments, enclaves, and networks.” The focus of this report is weapon systems that include platform IT, which is “IT, both hardware and software, that is physically part of, dedicated to, or essential in real time to mission performance of special purpose systems.” Department of Defense Instruction 8500.01, Cybersecurity (October 7, 2019); Department of Defense Instruction 8510.01, Risk Management Framework (RMF) for DOD Information Technology (IT) (July 28, 2017).
[7] GAO-19-128.
[8] GAO, Next Generation Combat Vehicle: As Army Prioritizes Rapid Development, More Attention Needed to Provide Insight on Cost Estimates and Systems Engineering Risks, GAO-20-579 (Washington, D.C.: August 6, 2020).
[9] GAO, Internet of Things: Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD, GAO-17-668 (Washington, D.C.: July 27, 2017); and Internet of Things: Status and Implications of an Increasingly Connected World, GAO-17-75 (Washington, D.C.: May 15, 2017).
[10] GAO-19-128.

As we reported in 2018, DOD had not prioritized weapon systems cybersecurity until recently, and was still determining how best to address it during the acquisition process. The department had historically focused its cybersecurity efforts on protecting networks and traditional IT systems, but not weapon systems, and key acquisition and requirements policies did not focus on cybersecurity. As a result, DOD likely designed and built many systems without adequate cybersecurity. In operational testing, DOD routinely found mission-critical cybersecurity vulnerabilities in systems under development. Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications. In addition, due to limitations in the extent and sophistication of testing, DOD was likely aware of only a fraction of the total vulnerabilities in its weapon systems.

We also reported that DOD had taken a number of major steps since 2014 to improve weapon systems cybersecurity. [11] Specifically, DOD issued or updated a variety of department-wide policies, guidance documents, and memorandums to better integrate cybersecurity into the acquisition process and to promote more cyber resilient weapon systems. These steps demonstrate DOD’s increased emphasis on weapon systems cybersecurity, aligning with DOD’s commitment in the 2018 Cyber Strategy to “defend its own networks, systems, and information from malicious cyber activity,” and to “ensure the U.S. military’s ability to fight and win wars in any domain, including cyberspace.” Ultimately, DOD’s success in improving weapon systems cybersecurity depends on the extent to which the military services and acquisition community execute these changes to produce better outcomes in their programs.

Weapon Systems Cybersecurity Practices

A cyberattack is an attempt to exploit a vulnerability in a system or network to compromise its confidentiality, integrity, or availability. [12] Even an attack that does not compromise a system or network may delay or disrupt normal operations, undermining the owner’s or operator’s confidence in their security, according to a senior official from the Office of the Director, Operational Test and y means limiting information and system access to authorized users and purposes. Protecting integrity means ensuring information is not modified or deleted by unauthorized users. Protecting availability means ensuring information and services are available to authorized users. Our prior work discusses in greater detail the general process and terminology of cyberattack and cyber defense. See GAO-19-128.

Cybersecurity practices are intended to protect IT by preventing, detecting, and responding to attacks. They aim to reduce the likelihood that attackers can access DOD systems and limit the damage if they do. Weapon systems confront a variety of cybersecurity challenges throughout the acquisition process. The goal of weapon systems cybersecurity is to help ensure that a system is able to execute its mission in the face of a cyberattack or adverse conditions. A 2015 RAND report identified the following six challenges, summarized below, for managing weapon systems cybersecurity: [13]

• Complex systems require specialized knowledge. Modern weapon systems are highly complex, complicating the task of finding and fixing vulnerabilities without compromising functionality. Effective cybersecurity is a technical challenge involving features that might be integral to a system’s design, detailed knowledge of which may be confined to only a few experts.
• Functionality and security can sometimes be at odds. There are necessary trade-offs between functionality and security. Engineers are willing to accept some level of vulnerability to achieve the functionality that operators need to perform their missions. For weapon systems, an appropriate balance between security and functionality is critical.
• Threats evolve and adapt. Cyber threats are rapidly evolving and adapting to countermeasures, such that security solutions implemented at any point in time could be insufficient to deal with future threats.
• Attackers have advantages. Cyberattackers have some advantages over cyber defenders. Whereas an attacker only needs to find and exploit one system vulnerability, the defender needs to account for and mitigate risk throughout the system. As a result, cyber defense is both more resource intensive and more difficult.
• Each new connection is a potential vulnerability. Systems are interconnected in a variety of ways, such that a vulnerability in one system may be exploited to gain access to another system. An attacker may be able to leverage a vulnerability in a noncritical component or tertiary system to gain access to a system’s most critical components.
• Complete security is unattainable. Because cyber threats evolve and adapt and cyberattackers have some advantages over cyber defenders, it is impractical to assume that complete security is attainable. Decision makers must determine what level of security is sufficient for their system and mission given finite resources.

Effective Weapon Systems Cybersecurity Practices Depend on Cybersecurity Requirements Development and Contracting Activities

DOD’s policies governing major defense acquisition programs outline a series of phases and associated activities to deliver weapon systems that meet a capability gap. While there are important cybersecurity considerations in each acquisition phase, our prior work has shown that establishing firm, feasible requirements is a key early step to reduce risk and set a program up for success. [14] Through solicitations and contracting, the acquisition program then communicates those requirements to the contractor that will develop and produce the system. Contractors may provide important support to the program during requirements development, such as working with the acquisition program office to refine requirements after contract award. Overall, defining needs and then contracting for a solution that meets those needs are as relevant to cybersecurity requirements as they are to other kinds of performance requirements.

Figure 1 shows an overview of DOD’s acquisition process for major defense acquisition programs. [15]

[13] RAND, Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles (Santa Monica, CA: 2015).
[14] GAO, Weapon System Requirements: Detailed Systems Engineering Prior to Product Development Positions Programs for Success, GAO-17-77 (Washington, D.C.: November 17, 2016).
[15] In April 2020, DOD reissued its key acquisition instruction to, among other things, establish an adaptive acquisition framework comprised of six acquisition pathways. This review focuses on major defense acquisition programs, which are now covered under the major capability acquisition pathway, and a few of the early, critical steps in that process. Some, but not all, of the activities discussed in this report are relevant to other acquisition pathways. For a more comprehensive discussion of the major defense acquisition program process and the six acquisition pathways, see GAO, Defense Acquisitions Annual Assessment: Drive to Deliver Capabilities Faster Increases Importance of Program Knowledge and Consistent Data for Oversight, GAO-20-439 (Washington, D.C.: June 3, 2020).

Figure 1: Department of Defense (DOD) Major Defense Acquisition Program Lifecycle

Developing Cybersecurity Requirements for Weapon Systems Helps Position Acquisition Programs for Success

Developing requirements that address a military need is a key component of successful weapon systems acquisitions. As we reported in 2016, acquisition programs typically use systems engineering to, along with the program contractor, break down validated top-level capability requirements into more specific capability requirements, known as performance specifications, which are then used to create detailed design requirements. [16] In addition to providing requirements traceability to help ensure that the system characteristics and performance address the capability gap, systems engineering also allows acquisition program managers and decision makers to make informed trade-offs between detailed requirements and available resources. As a result, successful acquisition programs do not begin system development until after completing the bulk of their systems engineering activities. [17] The design requirements lead to various system baselines that describe the system’s performance requirements, how the subsystems will work together, and the system’s final design, among other things.

Cybersecurity requirements are a component of a system’s overall requirements. DOD acquisition policy states that cybersecurity is a requirement for all DOD programs and must be implemented in all phases of the acquisition cycle. [18] It also requires acquisition program managers to include cybersecurity in system performance specifications. Similarly, in 2015 guidance on cybersecurity for acquisition program managers, DOD described a key tenet of weapon systems cybersecurity as treating cybersecurity requirements “like other system requirements.” [19] Therefore, cybersecurity requirements should follow a similar pattern as other system requirements, moving from general to more specific and detailed as the acquisition program proceeds.

Since 2015, DOD has required that certain acquisition programs include cyber survivability as part of the mandatory system survivability key performance parameter, which is one type of top-level program requirement, or attribute, that defines a weapon system’s critical performance goals. [20] In addition, DOD’s requirements development policy states that key performance parameters or attributes should establish measures for system survivability that address cyber threats. Cyber survivability, in this context, is meant to ensure that weapon systems are designed to prevent, mitigate, and recover from cyberattacks. However, the details of how cyber survivability is achieved for each system depend on the system’s mission, number and type of internal and external communication paths, and the types of cyber threats it may face, among other things.

Table 1 briefly outlines key requirements documents early in the acquisition cycle and the role of cybersecurity requirements in each.

[16] GAO-17-77.
[17] GAO-17-77.
[18] In 2017, DOD updated its key instruction governing the acquisition process to include a new cybersecurity enclosure. In December 2020, after the scope of our review, DOD issued a new instruction that incorporates and cancels the cybersecurity enclosure. Department of Defense Instruction 5000.90, Cybersecurity for Acquisition Decision Authorities and Program Managers (December 31, 2020).
[19] Department of Defense, Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, DOD Program Manager’s Guidebook for Integrating the Cybersecurity Risk Management Framework (RMF) into the System Acquisition Lifecycle, Version 1.0 (Washington, D.C.: September 2015).
[20] Key performance parameters are performance attributes that define the capabilities most critical to mission effectiveness. The other two types of performance attributes, key system attributes and additional performance attributes, define other characteristics necessary to achieve satisfactory performance.

Table 1: Key Requirements Documents and Cybersecurity Early in the Acquisition Cycle

Document Name | Description
Initial capabilities document | Documents a specific capability gap and the need for a materiel solution, or a combination of materiel and non-materiel solutions, to fill the gap. The initial capabilities document should reflect early, high-level cybersecurity capability requirements along with all other mission capability requirements.
Capability development document | Specifies the requirements and performance attributes, including key performance parameters, for the system that will deliver the capability that meets the criteria in the initial capabilities document. Cybersecurity performance attributes defined in the capability development document must be understandable, testable, measurable, and achievable. The capability development document must be validated before the program releases a request for proposals to industry.
Program protection plan | Defines the program’s critical information and mission-critical functions as well as the systems engineering and security activities the program plans to use to mitigate those risks, including cybersecurity. The program protection plan is included in requests for proposals, and program managers should update the program protection plan after contract award to reflect the selected contractor’s proposal.
Cybersecurity strategy | Identifies both the program’s long-term approach for, as well as its implementation of, cybersecurity throughout the program lifecycle. The document, an appendix to the program protection plan, is intended to serve as a management tool for program offices to plan for, document, assess, mitigate, and manage cybersecurity risks as the program matures.
Test and evaluation master plan | Describes all program test activities after the start of technology development, includ
