The Cybersecurity Submittal Automation Tool (CySAT) supports Government and Industry stakeholders involved in the Facility Related Control System (FRCS) cybersecurity design requirements and Risk Management Framework (RMF) processes. CySAT provides automation of FRCS Cybersecurity Unified Facility Criteria (UFC) 4-010-06 and RMF Enterprise Mission Assurance Support Service (eMASS) submittals, specifically:

• RMF Self-Assessment steps: CySAT builds on the previously developed R-SAT toolset to streamline the process for obtaining an Authority to Operate by aiding with RMF submittals in Steps 1-3.
• UFC Designer of Record (DoR) processes: CySAT facilitates the generation of UFC 4-010-06 cybersecurity submittals to describe the requirements for incorporating cybersecurity into the design of all FRCS which include a network.

The primary objective of CySAT is to incorporate the features of previously developed toolsets – the ESTCP-funded R-SAT and a U.S. Army Corps of Engineers-funded DoR tool - into a single toolset and obtain Government sponsorship.

The functions of CySAT reside in macro-based Microsoft Excel worksheets with tabs that represent steps in the UFC and RMF processes. CySAT offers the following advantages:

• CySAT is free, requires no license fee, and utilizes common software (Microsoft Excel).
• CySAT does not require a government-issued computer or Common Access Card to use. Users can prepare correctly formatted eMASS templates prior to system registration.
• CySAT provides a standard format for UFC submittals thereby reducing inconsistency and streamlining review.
• UFC and RMF documentation is populated with standard responses related to FRCS and Department of Defense inheritance policy, providing cybersecurity professionals with a starting point for tailoring the selection and assessment of controls to system features.

There are no costs to users for implementing CySAT. The performance assessment and demonstration provide evidence that CySAT is a useful toolset. Engineer Research and Development Center-Construction Engineering Research Laboratory intends to take ownership of CySAT and has accepted responsibility for continued maintenance. CySAT will be uploaded to the Whole Building Design Guide website for users to download. To further track usefulness, CySAT users will be required to provide demographic data and intended use at the time of download. This information will be used to further evaluate the cost/benefit of any required updates to CySAT (estimated at $70,000 per event) and prolonged support (estimated at $32,000 annually).

The software was designed to be intuitive and user friendly; however, users must invest upfront time in learning the software. Additionally, CySAT is an Excel worksheet with Visual Basic programing and some users may have concerns using a macro-enabled file. Finally, CySAT functionality may be impacted by updates to eMASS, or FRCS policy and maintenance will be required.