Re-imagining Archangel
Product Design. Re-structuring the platform to provide customization.
Project Overview
Gearing towards innovation means continuously working to make the applications we use more standardized, so that they can cater to the needs of many. That’s exactly what we did: we re-imagined parts of the platform in order to broaden our reach and impact.
To adhere to my non-disclosure agreement, the designs and content presented in this case study have been modified and are not representative of Archangel or US AI.
My Role: As the primary designer and business analyst for this project, I conducted the research, brainstormed and ideated on designs, and presented deliverables to internal stakeholders in June 2024. I was involved with the end-to-end process for this design.
Behind Archangel:
For government agencies, security is the top priority (well, really, in any company, security is the top priority, but you get it!). Archangel is a platform that allows its users to go through the motions of ensuring that their products follow cybersecurity guidelines. As you can imagine, this process is complex and time-consuming. Archangel streamlines it for you, ensuring that all necessary components are there and ready for you to fill out to achieve the Authority to Operate.
The Archangel platform currently supports government agencies, such as the Department of State, in streamlining the complex cybersecurity process. Each agency may follow a different process, but as a GRC tool, we want to ensure that we are the standard for cybersecurity.
What is the Cybersecurity Lifecycle?
The cybersecurity lifecycle is a process that involves identifying the risks a system faces from cyber threats, mitigating those risks, and continuously monitoring the system and its potential risks to ensure that nothing falls through. These risks are identified by evaluating “controls”, which are safety measures that a system can use to protect itself. Examples include firewalls, encryption, training programs, and more. These help maintain the confidentiality, integrity, and availability of the system's information.
There are a variety of processes that a system can follow, depending on the level of security needed. Most of them consist of the same default list of controls (catalogs), with some room for customization. This customization comes in the form of overlays. Overlays allow you to adjust which controls you need to follow and the impact level of each control. To support that, we need to design for flexibility within the catalogs, so that different processes can use them and different overlays can be applied to them. The catalogs also need to be dynamically configurable to allow for additional guidelines.
In the current iteration, overlays are hard-coded and only follow one type of process. However, overlays are diverse and may require changes in multiple parts of a control, which the system currently cannot support without hard-coding them in.
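To make the catalog and overlay relationship concrete, here is an added example (not Archangel's code or data model) that treats overlays as data applied in order to a baseline catalog, rejecting an overlay that points at a control the catalog does not contain. The control ids, overlay names, field names and the three-level impact scale are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

IMPACT_LEVELS = ("low", "moderate", "high")  # assumed impact scale

@dataclass(frozen=True)
class Control:
    control_id: str
    title: str
    impact: str

def apply_overlays(catalog, overlays):
    """Apply overlays in order to a baseline catalog.

    Returns (tailored, audit): the tailored controls keyed by id, and a list
    of (overlay, action, control_id) records. The baseline is not modified.
    """
    tailored = {c.control_id: c for c in catalog}
    audit = []
    for ov in overlays:
        for cid in ov.get("remove", []):
            if cid not in tailored:
                raise KeyError(f"{ov['name']}: cannot remove unknown control {cid}")
            del tailored[cid]
            audit.append((ov["name"], "remove", cid))
        for ctrl in ov.get("add", []):
            if ctrl.control_id in tailored:
                raise ValueError(f"{ov['name']}: {ctrl.control_id} already in catalog")
            tailored[ctrl.control_id] = ctrl
            audit.append((ov["name"], "add", ctrl.control_id))
        for cid, level in ov.get("set_impact", {}).items():
            if level not in IMPACT_LEVELS:
                raise ValueError(f"{ov['name']}: invalid impact {level!r}")
            if cid not in tailored:
                raise KeyError(f"{ov['name']}: cannot adjust unknown control {cid}")
            tailored[cid] = replace(tailored[cid], impact=level)
            audit.append((ov["name"], f"impact->{level}", cid))
    return tailored, audit

# Constructed sample data: ids, titles and overlay names are illustrative only.
BASELINE = [
    Control("C-01", "Firewall", "moderate"),
    Control("C-02", "Encryption", "moderate"),
    Control("C-03", "Training program", "low"),
]
OVERLAYS = [
    {"name": "sensitive-data", "set_impact": {"C-02": "high"},
     "add": [Control("C-10", "Data loss monitoring", "high")]},
    {"name": "no-end-users", "remove": ["C-03"]},
]
```

The audit list records which overlay changed which control, which is the trail a reviewer needs when a tailored control set differs from the baseline.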
So, what’s the problem?
The solution
Use Case 1: User wants to navigate to the overlays through the control catalog. This is the logic that currently exists in Archangel, with an updated design.
Use Case 2: User wants to configure the overlays through the Overlays tab. New users creating overlays would intuitively turn to the Overlays tab first in order to configure overlays for each catalog. This logic does not currently exist in Archangel.