T-Rex SMART<sup><noscript><img src=

T-Rex SMART® Framework: Modernizing and Securing Environments

Date: October 7, 2020

T-Rex has designed, built, integrated, and operated some of the world’s largest mission critical systems for our government clients who need to leverage the power of data & the cloud while also holding to aggressive schedules. To support this, we developed the T-Rex SMART® Framework that offers an Agile and iterative methodology to take advantage of new platforms while meeting critical missions. This approach allows for micro or macro modernization in a structured fashion allowing for agencies to take advantage of available modernization funds. There are 5 steps to our framework:

S – Strategize and Stabilize

We leverage and enhance existing enterprise architecture (EA) roadmaps and perform application rationalization to establish a “landing zone” strategy for target applications. We take a structured approach to determine the most appropriate operating models (e.g., Cloud, on-premise virtualization, or bare metal) that should be considered for the greatest business benefit. The application rationalization task takes into account several factors in recommending a modernization path, including:

  • Licensing and cost optimization;
  • Cost, health, and longevity of the current hosting environment;
  • Overall value of the application to the mission and consideration of redundancies; and
  • Impact of current risk, schedule, and staffing baselines on modernization paths and movement to target stable platforms.

We then stabilize our project baselines. This includes the technical baselines such as requirements and functionality baselines, and the Implementation and Integration Plan (IIP). The IIP establishes the schedule and sequencing of modernization efforts that facilitates enterprise coordination.

M – Management and Framework

Once landing zones are determined, we establish or integrate with a management framework to provide a reporting mechanism and identify enabling tools. The framework defines core services (e.g., Network Segmentation, Configuration Management Database (CMDB), Continuous Diagnostics and Mitigation (CDM), Information Technology Service Management (ITSM), DevSecOps, and monitoring) to re-use or establish early to avoid rework and the associated added costs of doing this late. In addition, this is an important time to manage the start of FISMA compliance activities as well as provide cross-training for existing O&M staff.

A – Automate

Within the management framework and enabling tools, automation should be maximized to assure repeatability, consistency, and easy access to critical information. The core of our automation capability comes from our DevSecOps solutions, promoting automation of deployments, testing, scanning, and more. We start with discovery of existing processes and standards and then work with stakeholders to develop a roadmap to DevSecOps adoption and process and technology modernization.

R – Modernization (the 7 R’s)

Analysis of target applications determines which of the seven modernization options should be taken. The 7 R’s include: Relocate, Repurchase, Refactor or Rearchitect, Replatform, Rehost, Retire, and Retain. This is not just a one-time assessment. Our process is built to be revisited on a regular basis to determine if either technology or business factors have changed which approach is required for the applications.

T – Transition to Operations

After the application is moved, we execute our operational cut-over and monitor performance with existing O&M staff until all stakeholders sign off on a successful transition. Prerequisites to this cut-over include the completion of the ATO process to assure that Authorizing Officials and System Owners have accepted the documented security risks, implementation of controls, and any residual risk if applicable. In addition, T-Rex staff responsible for application modernization and migration engage with current system team members and operational support staff to capture and implement updates to existing O&M processes.

To learn more about T-Rex’s methodologies, check out the following:


recently posted
More than Modernization: Digital Transformation Empowered by Agile Learning Culture

More than Modernization: Digital Transformation Empowered by Agile Learning Culture

Today’s avalanche of technology-driven change has made digital transformation imperative for Federal and civilian enterprises. At the heart of this transformation lies Agile Development, a methodology offering dynamic software development and delivery, which has emerged as the gold-standard for tech […]

Zero Trust Lift: Network Visibility and Analytics Maturity using Zeek

Zero Trust Lift: Network Visibility and Analytics Maturity using Zeek

Zeek is a proven open-source network visibility and analytics tool that you can leverage to increase your agency’s Network Visibility and Analytics Capability maturity under CISA’s Zero Trust Maturity Model Version 2. Zeek (https://zeek.org, formerly named Bro) is a network […]

T-Rex is Hiring at Hill Air Force Base

T-Rex is Hiring at Hill Air Force Base

Since 2016, T-Rex has been supporting large scale hybrid-cloud migrations and systems modernization, to include the successful deployment of the first-ever online U.S. Census in 2020. We are excited about expanding our IT Modernization services within the National Security market, […]

Secure by Design and Zero Trust: Integrating Supply Chain Risk Management with DevSecOps

Secure by Design and Zero Trust: Integrating Supply Chain Risk Management with DevSecOps

Agencies are seeking innovative ways to mature their Zero Trust posture. In this article, we have focused on improvements to your DevSecOps to increase maturity in two pillars: 1) Devices and Applications and 2) Workloads.