System Security (SysSec)
The System Security (SysSec) directorate in the Science and Technology (S&T) Program Protection (STPP) Office focuses on policy and practice to ensure DoD systems are resilient to advanced cyber threats. SysSec considers security and protection through all phases of a system acquisition, from requirements through design and production to sustainment and disposal of military systems that may operate in physical or cyberspace domains.
SysSec influences standards, specifications, methods, and data requirements to ensure the security of engineering activities, considering both malicious and non-malicious activity.
STPP partners with the Office of the Under Secretary of Defense (OUSD) for Acquisition and Sustainment, the OUSD for Intelligence, the DoD Chief Information Officer, industry, academia, and engineers and technologists across the Department to bring innovative practices and solutions to the engineering and technology workforce.
Objectives
- Lead program protection planning and system security engineering policy and practices to mitigate the compromise and exploitation of advanced warfighting capabilities, mitigate malicious and non-malicious activity to mission-critical hardware and software in DoD weapon systems, and safeguard DoD-controlled technical information from exploitation through cost-effective countermeasures
- Foster DoD engineering capability and convergence across secure cyber resilient design methods and anti-tamper protections for critical program information and controlled technical information practices and for mission-critical hardware and software assurance tools and technologies
Resources
- DoD Instruction 5200.39, Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation (RDT&E)
- DoD Directive 5200.47E, Anti-Tamper (AT)
- DoD Instruction 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)
- USD(AT&L) Memorandum, Document Streamlining – Program Protection Plan (PPP)
- Engineering of Defense Systems Guidebook, issued February 11, 2022 (replaces Defense Acquisition Guidebook Chapter 3)
- Systems Engineering Guidebook, issued February 11, 2022 (replaces Defense Acquisition Guidebook Chapter 3)
- Technology and Program Protection Guidebook, issued July 26, 2022 (replaces Defense Acquisition Guidebook Chapter 9)
- Cyber Resilient Engineering Standards (ASSIST Data Item Description Database: Select SCRE - SECURE CYBER RESILIENT ENGINEE from the AREA list)
- Defense Acquisition University ACQ 160, Program Protection Planning Awareness
- Defense Acquisition University ENG 260, Program Protection for Practitioners
Focus Areas
- Program Protection and System Security Engineering
- Engineering Cyber Resilient Weapon Systems (also Secure Cyber Resilient Engineering (SCRE) Standards Defense Standardization Area)
- Joint Federated Assurance Center