Introduction
Over the past decade, SecureStrux has conducted hundreds of Command Cyber Readiness Inspections (CCRIs), serving over 75 clients. With the recent shift to Cyber Operational Readiness Assessment (CORA), SecureStrux remains a trusted partner in helping organizations navigate this evolving landscape.
What is CCRI/CORA?
CCRI, now known as CORA (Cyber Operational Readiness Assessment), is a comprehensive evaluation of a Department of Defense (DoD) entity’s cybersecurity posture. CORA assesses both classified and unclassified networks, as well as the critical cyber and physical assets supporting these systems. The goal is to ensure information assurance and robust cybersecurity measures across the DoD.
Early Days: Collaboration with DISA
The Command Cyber Readiness Inspection (CCRI) program was launched by DISA (Defense Information Systems Agency) in 2010 and is now managed by JFHQ-DODIN (Joint Force Headquarters Department of Defense Information Network). Nathan Shea, CEO of SecureStrux, was heavily involved in the early days of the program. His team worked closely with DISA leaders, helping shape CCRI through beta assessments and refining inspection methodologies.
Before CCRI, DISA performed Enhanced Compliance Validation (ECV) assessments. Although valuable, ECVs were inconsistent, leading to fluctuating scores and frustration among organizations. The introduction of CCRI addressed these issues by providing a standardized, scalable, and consistent assessment framework.
Expanding CCRI: Army, Navy, and DCSA
As CCRI grew, DISA sought help from various DoD branches, including the Army, Navy, and Defense Counterintelligence and Security Agency (DCSA). These entities trained and certified teams to conduct CCRIs, expanding the program’s reach. Members of the SecureStrux team were instrumental in training and certifying these teams, conducting CCRIs worldwide.
Through their involvement, the team at SecureStrux gained deep insights into achieving high scores in CCRIs, with a strong focus on helping clients aim for Outstanding (90%+) scores. Nathan Shea emphasized the importance of guiding organizations toward compliance, helping them prioritize activities and funding to improve their cybersecurity posture.
Founding SecureStrux: A Focus on CCRI Expertise
In 2014, Nathan Shea founded SecureStrux, assembling a team of CCRI experts. The company quickly established itself as a leading CCRI consulting firm, working with entities like DISA and Joint Service Provider (JSP) Pentagon. SecureStrux helped launch JSP’s inspection program, which consolidated the Fourth Estate’s disjointed cyber programs.
SecureStrux supported numerous organizations in CCRI preparation, helping one client, a Federally Funded Research and Development Center (FFRDC), earn three Outstanding CCRI scores across different locations. This success propelled SecureStrux into the spotlight, supporting defense contractors, agencies, and military services such as DLA, Johns Hopkins APL, Raytheon, MITRE, and more.
CCRI 2.0 and CCRI 3.0: Staying Ahead of Changes
As CCRI 2.0 rolled out, SecureStrux continued helping clients navigate the program’s evolving requirements. By 2023, CCRI 3.0 introduced stricter scoring processes and extended assessments to secure cloud environments, raising the bar for compliance.
CORA was introduced in March 2024, marking a shift from compliance to mission-focused cybersecurity. CORA places greater emphasis on Key Indicators of Risk (KIORs) and securing network boundaries. These changes require organizations to implement more rigorous security controls to stay ahead of evolving threats.
SecureStrux: Your Partner for CORA Success
At SecureStrux, we specialize in providing consulting expertise to help organizations navigate CORA. Our team is committed to helping clients understand and meet the new CORA requirements, ensuring compliance and resilience in today’s challenging cybersecurity landscape.
If you have any questions or would like to learn more about how SecureStrux can assist your organization, please don’t hesitate to reach out to us.
The latest in Cybersecurity
Enter your email to get the latest news, updates,
and content on cybersecurity.
"*" indicates required fields