T-Rex SMART<sup><noscript><img src=

T-Rex SMART® Framework: Modernizing and Securing Environments

Date: October 7, 2020

T-Rex has designed, built, integrated, and operated some of the world’s largest mission critical systems for our government clients who need to leverage the power of data & the cloud while also holding to aggressive schedules. To support this, we developed the T-Rex SMART® Framework that offers an Agile and iterative methodology to take advantage of new platforms while meeting critical missions. This approach allows for micro or macro modernization in a structured fashion allowing for agencies to take advantage of available modernization funds. There are 5 steps to our framework:

S – Strategize and Stabilize

We leverage and enhance existing enterprise architecture (EA) roadmaps and perform application rationalization to establish a “landing zone” strategy for target applications. We take a structured approach to determine the most appropriate operating models (e.g., Cloud, on-premise virtualization, or bare metal) that should be considered for the greatest business benefit. The application rationalization task takes into account several factors in recommending a modernization path, including:

  • Licensing and cost optimization;
  • Cost, health, and longevity of the current hosting environment;
  • Overall value of the application to the mission and consideration of redundancies; and
  • Impact of current risk, schedule, and staffing baselines on modernization paths and movement to target stable platforms.

We then stabilize our project baselines. This includes the technical baselines such as requirements and functionality baselines, and the Implementation and Integration Plan (IIP). The IIP establishes the schedule and sequencing of modernization efforts that facilitates enterprise coordination.

M – Management and Framework

Once landing zones are determined, we establish or integrate with a management framework to provide a reporting mechanism and identify enabling tools. The framework defines core services (e.g., Network Segmentation, Configuration Management Database (CMDB), Continuous Diagnostics and Mitigation (CDM), Information Technology Service Management (ITSM), DevSecOps, and monitoring) to re-use or establish early to avoid rework and the associated added costs of doing this late. In addition, this is an important time to manage the start of FISMA compliance activities as well as provide cross-training for existing O&M staff.

A – Automate

Within the management framework and enabling tools, automation should be maximized to assure repeatability, consistency, and easy access to critical information. The core of our automation capability comes from our DevSecOps solutions, promoting automation of deployments, testing, scanning, and more. We start with discovery of existing processes and standards and then work with stakeholders to develop a roadmap to DevSecOps adoption and process and technology modernization.

R – Modernization (the 7 R’s)

Analysis of target applications determines which of the seven modernization options should be taken. The 7 R’s include: Relocate, Repurchase, Refactor or Rearchitect, Replatform, Rehost, Retire, and Retain. This is not just a one-time assessment. Our process is built to be revisited on a regular basis to determine if either technology or business factors have changed which approach is required for the applications.

T – Transition to Operations

After the application is moved, we execute our operational cut-over and monitor performance with existing O&M staff until all stakeholders sign off on a successful transition. Prerequisites to this cut-over include the completion of the ATO process to assure that Authorizing Officials and System Owners have accepted the documented security risks, implementation of controls, and any residual risk if applicable. In addition, T-Rex staff responsible for application modernization and migration engage with current system team members and operational support staff to capture and implement updates to existing O&M processes.

To learn more about T-Rex’s methodologies, check out the following:

recently posted
Dr. Allen Harper on How T-Rex Helps Federal Agencies Meet the Zero Trust Challenge

Dr. Allen Harper on How T-Rex Helps Federal Agencies Meet the Zero Trust Challenge

The White House Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” calls for Federal agencies to adopt and implement zero trust architecture. In a recent interview with Washington Exec, T-Rex’s Executive Vice President of Cybersecurity Dr. Allen Harper discusses the […]

Enhancing a Security Hardening Validation Script through Sourcery AI

Enhancing a Security Hardening Validation Script through Sourcery AI

This blog post covers Sourcery’s integration with Visual Studio Code and Python, two standard tools included in security professionals’ development stacks. Sourcery is available at https://sourcery.ai and the Microsoft Visual Studio Code Extensions tab. To demonstrate Sourcery’s capabilities, we will […]

Exceed Cloud Migration Expectations with T-Rex and AWS

Exceed Cloud Migration Expectations with T-Rex and AWS

T-Rex continues to implement large scale cloud transitions with Amazon Web Services (AWS). Learn about the winning T-Rex/AWS collaboration on the 2020 Census:

Mission Critical Services – Essential for Every Program

Mission Critical Services – Essential for Every Program

Mission Critical Services (MCS) are a core offering for T-Rex. At its core, MCS centers around user experience (UX), ensuring that enterprise mission-critical programs are on track to successfully deliver and support the mission. MCS includes properly maintaining and supporting […]