SUCCESS STORY

USMC Saves $10M in Delay-Related Costs

Military Agency Logo

Industry Type

Government – DoD

Use Cases

Rapid Certification, cATO, ITIL Integration, Streamlined Reporting

Frameworks

NIST Risk Management Framework (RMF), ATO

Impact

Challenge: Overcoming severe service delivery delays, excessive costs, and operational inefficiency

Solution: An Agile ATO process with rapid end-to-end RMF processing

Results: $10M in cost savings and 96% faster ATO

Outcomes with RegScale

$100K

Saved per system per month

Checkmark

ATO in a Day
for containerized workloads achieved through continuous authorizations

96%

Faster authorization, from 18-24 months to minutes

Summary

Operation StormBreaker was created to address critical operational challenges around IT infrastructure in the US Marine Corps Community Services (USMC-MCCS). Facing the same inefficient RMF and ATO processes that the DoD CIO is targeting for reform, MCCS saw service delivery delays of 3 to 5 years and authorization costs exceeding $1 million per system. Through the transformative Operation StormBreaker initiative and support from managed service providers like RegScale, MCCS dramatically reduced time and costs while accelerating the delivery of mission-critical services to Marines and their families. 

Challenge: Overcoming severe service delivery delays, excessive costs, and operational inefficiency

MCCS struggled with an inefficient IT infrastructure that significantly slowed down service delivery to military personnel and their families. New deployments faced delays of 3 to 5 years, while system authorization costs exceeded $1 million per system. These constraints severely compromised MCCS’s ability to provide services to the Marine Corps community. 

Compounding the challenge for Operation StormBreaker were deeply entrenched organizational silos and a web of bureaucratic barriers. Every step forward required navigating queues, approval lines, systemic delays, and organizational inertia that slowed innovation to a crawl. This operational environment created a perfect storm of inefficiency: critical services were perpetually delayed, costs were unnecessarily high, and the organization’s capacity to adapt to emerging needs was severely constrained. 

Today, these same challenges extend to 5,500 DoD systems that require authorization under traditional processes. The systems each bring price tags of over $1 million per ATO and involve 12- to 18-month authorization timelines and 3- to 5-year deployment cycles. 

As part of Operation StormBreaker, we are transitioning our RMF reporting to RegScale, to consolidate workflows and reduce overhead associated with our compliance activities. This shift is enabling faster, end-to-end processing within a single platform while maintaining alignment with the ECSM 018 Marine Corps Assessment and Authorization Process and broader USMC requirements. Streamlining this component of our toolset is allowing teams to spend less time navigating documentation and more time delivering mission-critical capabilities. The result is a more agile and responsive compliance posture that supports innovation without compromising rigor.

— David Raley, Digital Program Manager, USMC-MCCS

Solution: Rapid end-to-end RMF processing and accelerated ATO processes managed within a single platform

Operation StormBreaker introduced a revolutionary Agile ATO process and the first authorized Rapid Assess and Incorporate Software Engineering (RAISE) platform in the USMC. This innovative approach reimagined the entire authorization process through an agile lens, transforming it into a streamlined, efficient workflow capable of delivering authorizations in 30 days — or same-day for containerized workloads. 

A key component of Operation StormBreaker involves transitioning the MCCS Risk Management Framework (RMF) reporting process from Jira to the RegScale platform. This transition enables rapid, end-to-end RMF processing within a single platform, significantly reducing complexity and eliminating redundant steps.  

RegScale also ensures seamless integration with the Enterprise Mission Assurance Support Service (eMASS), maintaining alignment with broader compliance requirements. The implementation strategy includes empowering MCCS personnel with comprehensive training on the RegScale platform’s capabilities and relevant modules, enhancing their autonomy and operational efficiency. 

Results: Digital service delivery accomplished years faster and millions of dollars cheaper

By reimagining the ATO process through an agile lens, Operation StormBreaker has delivered major efficiency gains: reducing authorization timelines from 18 to 24 months to just 30 days and achieving “ATO in a Day” for containerized workloads. The savings are estimated at $100,000 per system per month and have already saved over $10 million in delay-related expenses. With 20-30 MCCS systems requiring regular reauthorization, these efficiency gains have provided immediate budget relief while dramatically enhancing mission capabilities. 

Operation StormBreaker has also improved the MCCS security posture, reducing Plans of Action and Milestones (POA&Ms) from hundreds to tens and paving the way for cATO (continuous Authorization to Operate). RegScale’s Continuous Controls Monitoring platform further streamlines Operation StormBreaker’s compliance processes by consolidating efforts previously spread across various tools and applications, eliminating manual and tedious work. 

The impact on service delivery has been profound. By addressing the severe operational constraints that delayed services by years, Operation StormBreaker has positioned MCCS to deliver critical services exactly when they’re needed, enhancing quality of life for service members and their families.  

Just as importantly, Operation StormBreaker is poised to be shared across the DoD, where it stands to save billions in unnecessary spending. (Thousands of DoD systems require authorization under traditional processes that cost over $1 million per ATO and involve 12- to 18-month authorization timelines and 3- to 5-year deployment cycles.) The project’s leader has established working groups across the DoD and is offering its Agile ATO processes, Software Factory, and AWS SCCA-compliant landing zone as shared services. The ultimate goal is for Operation StormBreaker to become a profit center for the MCCS and a technological leader for the DoD, enabling service delivery at the speed of relevance. 

See what RegScale can streamline for you

Book a demo now for a quick walkthrough of how our continuous controls monitoring can solve your compliance, risk, and cybersecurity challenges.