Enterprise Security System (ESS)

Abstract

The Defense Security Service manages the Enterprise Security System (ESS) to provide an effective, real-time, security support capability for the Military Departments, DoD Agencies, the NISP, and other Federal Agencies. In compliance with the Expanded Electronic Government, President’s Management Agenda, and the DoD Enterprise Architecture Framework, ESS is the unified offering of security mission systems to facilitate and automate improved national investigative standards, streamline security processes, and increase DoD community collaboration. The DSS Mission Information Technology (IT) systems provide critical service to the major DSS mission areas for Industrial Security Oversight and Security Education. DSS performs this critical function through operation of its mission production systems to include the Industrial Security Facilities Database (ISFD), the DSS Gateway, and the USA Learning Portal (STEPP). RDT&E for DSS mission systems primarily includes pre-planned product enhancements and improvements to the applications, research and improve assured information sharing to better posture systems and networks against vulnerabilities, ensure self-defense of systems and networks, and safeguard data at all stages for the DSS to increase efficiencies through web-based systems to manage certification and accreditation activities. These IT systems are as follows: Office of Designated Approving Authority (ODAA) Business Management System (OBMS). The OBMS will automate the approval and certification process of cleared industry’s classified information processing security plans and operations. This will increase mission efficiency by providing a web-based system to manage certification and accreditation activities, provide improved reporting capabilities to support DSS and industry through improved metrics, accreditation timeliness and accuracy and reduce the number of unaccredited systems by providing automated notifications to DSS and industry. eFCL: The eFCL's centralized repository for information of facilities participating in the National Industrial Security Program (NISP). The eFCL captures facility information related to a cleared facility, from the initial processing of the facility clearance, the record decision of the facility clearance request includes Foreign Ownership Control or Influence (FOCI) information, as well as decommissioning of the facility clearance, and captures the DSS oversight activities. The eFCL will allow users to submit, update, search, and view facility verification requests. Industrial Security Facilities Database (ISFD). ISFD is the primary DSS mission system that track and execute the National Industrial Security Program for DoD and 32 other Federal Executive Agencies of cleared industrial security facilities. The ISFD provide users with a nationwide perspective on National Industrial Security Program related facilities, as well as, facilities under DSS oversight in the DoD conventional Arms Ammunition and Explosives program. ISFD provides source data for the DoD Joint Personnel Adjudicative System (JPAS) and the Facility Verification Request (FVR) application. National Industrial Security System (NISS, formerly known as Field Operations System (FOS). The NISS is the next generation enterprise capability, replacing the Industrial Security Facility Database (ISFD). Additionally, NISS will provide seamless integration of other DSS systems and applications, such as eFCL, OBMS, DD-254, and Mobile Workforce Applications. NISS will provide DSS with comprehensive enhanced capability to manage its entire mission portfolio. NISS will improve information sharing and collaboration, provide timely and accurate data in the hands of field representatives for decision-making. The system produces agency-wide metrics to measure and drive improved performance in security oversight and the protection of national security. The National Contract Classification System (NCCS). The Federal Acquisition Regulation (FAR) requires a DD Form 254 for each classified contract, and the National Industrial Security Operating Manual (NISPOM)(4-103a) requires a DD 254 be issued by the government with each Invitation for Bid, Request for Proposal, or Request for Quote. The DD Form 254 provides contractor (or a subcontractor) the security requirements and classification guidance necessary to perform on a classified contract. Contract Security Classification Specification required by DoD 5220.22-4, Industrial Security Regulation and the National Industrial Security Program Operating Manual (NISPOM) is to develop a federated system for the oversight and management of classified information access and guidance to perform on classified contracts. The DD 254, an underlying business process, is critical to ensure access to our Nation’s classified information is safeguarded. National Industrial Security Program (NISP) Control Access and Information Security System (NCAISS) formerly known as Identity Management (IdM). NCAISS is mandatory for compliance with Department of Defense (DoD) Public Key Infrastructure (PKI) Program Management Office and Office of the Assistant Secretary of Defense for Networks and Information Integration (ASD-NII), Joint Task Force for Global Networks Operations (JTF-GNO) Communications Tasking Order (CTO) 06-02, CTO 07-015, and Office of Management and Budget (OMB) Memo 11-11 (M-11-11), which directed accelerated use of PKI access across the enterprise. This initiative is designed to enable multiple DSS business systems to have service-accessibility that is controlled through PKI-compliant single sign-on authentication. Potential expanded use of the NCAISS across the DSS enterprise to provide CAC-based authentication for business support applications to support the SIPRNet and JWICS domains, provide enhanced identity and access control analytics. It incorporates any remaining DSS operated application into the DSS NCAISS solution.

Open PDF

Document Details

Document Type
Project
Publication Date
Oct 01, 2020
Source ID
000_0604130V_7_0400_PB_2020

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Defense Acquisition Program Management

Technology Areas

  • Microelectronics

Related Documents