System Security Engineering
Overview
System Security Engineering (SSE) activities allow for identification and incorporation of security design and process requirements into risk identification and management in the requirements trade space.
SSE is an element of system engineering (SE) that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities. Program Protection is the Department's integrating process for mitigating and managing risks to advanced technology and mission-critical system functionality from foreign collection, design vulnerability or supply chain exploit/insertion (see Technology & Program Protection (T&PP) Guidebook), battlefield loss and unauthorized or inadvertent disclosure throughout the acquisition life cycle. The Program Protection processes capture SSE analysis in the system requirements and design documents and SSE verification in the test plans, procedures and results documents. The Program Protection Plan (PPP) (see T&PP Guidebook) documents the comprehensive approach to system security engineering analysis and the associated results.
SSE analysis results should be captured in the PPP, provided at each technical review and audit (see T&PP Guidebook) and incorporated into the technical review assessment criteria as well as the functional, allocated and product baselines. The PPP is approved by the Milestone Decision Authority (MDA) at each milestone decision review and at the Full-Rate Production/Full-Deployment (FRP/FD) decision, with a draft PPP (as defined in the Adaptive Acquisition Framework Document Identification (AAFDID) tool and DoDI 5000.83, Section 3.4.c.) due at the Development Request for Proposals (RFP) Release Decision Point. For other programs, such as those following the Operation of Middle Tier Acquisition, Urgent Capability Acquisition, and Software Acquisition pathways, PPPs are developed and submitted as directed by the components. The analysis should be used to update the technical baselines prior to each technical review and key knowledge point throughout the life cycle. It should also inform the development and release of each RFP by incorporating the SSE process requirements and the system security requirements into the appropriate solicitation documentation.
Role of the PM and SE
The Program Manager (PM) is responsible for employing SSE practices and preparing a PPP to guide the program's efforts and the actions of others. The Systems Engineer and/or System Security Engineer is responsible for ensuring that a balanced set of security requirements, designs, testing and risk management is incorporated and addressed in their respective trade spaces. The Systems Engineer and/or System Security Engineer is responsible for leading and facilitating cross-discipline teams to conduct the SSE analysis necessary for development of the PPP. The cross-discipline interactions reach beyond the SSE community to the test and logistics communities. The T&PP Guidebook (forthcoming) further details the program protection roles and responsibilities.
To address SSE as a design consideration, the Systems Engineer and/or System Security Engineer should ensure the system architecture and design addresses how the system:
- Manages access to, and use of, the system and system resources.
- Is configured to minimize exposure of vulnerabilities that could impact the mission through techniques such as design choice, component choice, security technical implementation guides and patch management in the development environment (including integration and T&E), in production and throughout sustainment.
- Is structured to protect and preserve system functions or resources, e.g., through segmentation, separation, isolation or partitioning.
- Monitors, detects and responds to security anomalies.
- Maintains priority system functions under adverse conditions.
- Interfaces with DoD Information Network or other external security services.
- Prevents, mitigates and recovers from cyberspace attacks and events, based on current cyberspace threats validated by the intelligence community.
- Is designed to be operationally resilient, as per DoDI 8500.01.
The early and frequent consideration of SSE principles reduces re-work and expense resulting from late-to-need security requirements (e.g., anti-tamper, exportability features, supply chain risk management, secure design, defense-in-depth and cybersecurity implementation). A best practice is to perform Mission-Based Cyber Risk Assessments early, and to update the assessments periodically as cyberspace threats and the system design evolve. These assessments should be collaborative and include operational users, developers, engineers, and cyberspace threat emulation (testers).
Products and Tasks
Product | Tasks
---|---
10-24-1: Develop a program protection plan (PPP) |
10-24-2: Execute the program protection during development |
10-24-3: Execute program protection during production and sustainment |
Source: AWQI eWorkbook
Resources
Key Terms
- Anti-Tamper (AT)
- Communications Security (COMSEC)
- Computer Security and Privacy
- Cybersecurity
- Cybersecurity Maturity Model Certification (CMMC)
- Cybersecurity Strategy
- Defense Counterintelligence and Security Agency (DCSA)
- DoD Information Network (DODIN)
- Facility Security Clearance
- Global Information Grid
- National Industrial Security Program (NISP)
- Operations Security (OPSEC)
- Program Protection
- Program Protection Plan
- Science and Technology Protection Plan
- Supply Chain Risk Management (SCRM) - Overview
- System Security Engineering
- Technology Area Protection Plan (TAPP)
- Technology Security and Foreign Disclosure (TSFD)
Source: DAU ACQuipedia; DAU Glossary
Policy and Guidance
- DoDI 5000.83 Technology and Program Protection to Maintain Technological Advantage
- DoDI 5000.90 Cybersecurity for Acquisition Decision Authorities and Program Managers
- DoDI 8500.01, Cybersecurity
- DoDI 8510.01 Risk Management Framework RMF for DoD Information Technology
- Systems Engineering (SE) Guidebook, 5.24 System Security Engineering
- AAFDID tool, Major Capability Acquisition pathway Milestone and Phase Information Requirements, Program Protection Plan (PPP)
- Technology and Program Protection Guidebook
DAU Training Courses
- ETM 1050: Design Considerations Fundamentals Lesson 24 System Security Engineering
- ACQ 1300: Fundamentals of Technology Security/Transfer
- ACQ 160: Program Protection Planning Awareness
- CLE 022: Program Manager Introduction to Anti-Tamper
- CLE 074: Cybersecurity Throughout DoD Acquisition
- CLE 080: SCRM for Information and Communications Technology (ICT)
- ENG 260: Program Protection for Practitioners
- ISA 220: Risk Management Framework (RMF) for the Practitioner
- CCYB 001: Program Protection Credential
- CCYB 00: Cybersecurity for Program Managers Credential
- WSS 001: Cybersecurity and Acquisition Integration Workshop
- WSS 003: Information System Security Manager (ISSM) Workshop
- WSS 004: Strengths, Weaknesses, Opportunities and Risks Workshop
- WSS 005: Program Protection Workshop
- WSS 008: Protecting Controlled Unclassified Information (CUI) Workshop
- WSS 011: Cyber Training Range - Intermediate Workshop
- WSS 012: Defensive Cyber Operations (DCO) Workshop
- Cybersecurity Training at DAU
DAU Tools
- DoD Developer's Guidebook for Software Assurance
- Program Manager's Guidebook for Software Assurance
- Cyber Resilient Weapon Systems Body of Knowledge (CRWS-BoK) tool
- DoD Cybersecurity Test and Evaluation Guidebook
Media
- A New Approach to Cyber Software Assurance
- Adaptive Acquisition Framework: DoDI 5000.83, Technology and Program Protection to Maintain Technological Advantage
- Adaptive Acquisition Framework: DoDI 5000.90, Cybersecurity for Acquisition Decision Authorities and Program Managers
- DAU Cybersecurity media channel
- Cybersecurity Implementation
- Cybersecurity in Program Acquisition
- Cybersecurity/Risk Management Framework
- ISA201 Lesson 8 Cybersecurity
- NAVAIR's Cyber Controls
- Program Protection Plan DAU blog
- Protecting DoD's Unclassified Information (1 of 3)
- Protecting DoD's Unclassified Information (2 of 3)
- Protecting DoD's Unclassified Information (3 of 3)
- Protecting DoD's Unclassified Information - Defining the Landscape