Information Sys Security Program

Abstract

The Information Systems Security Program (ISSP) ensures the protection of Navy and joint cyberspace systems from exploitation and attack. Cyberspace systems include wired and wireless telecommunications systems, Information Technology (IT) systems, and the content processed, stored, or transmitted therein. ISSP includes the protection of the Navy's National Security Systems and Information (NSSI). ISSP must be rapid, predictive, adaptive, and tightly coupled to cyberspace technology. Through modeling and simulation of Department of Defense (DoD) and commercial cyberspace systems evolution, ISSP provides architectures, products, and services based on mission impacts, information criticality, threats, vulnerabilities, and required defensive countermeasure capabilities. ISSP is the Navy's implementation of statutory and regulatory requirements specified in Federal Information Security Management Act of 2002 (FISMA, 44 U.S.C. section 3541), the Computer Security Act of 1987 (Public Law 100-235), Privacy Act of 1974 (5 U.S.C. section 552a, Public Law No. 93-579), National Security Act of 1947 (Public Law 235), Comprehensive National Cyber security Initiative (CNCI) National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/ HSPD-23), National Security Directive 42, Presidential Decision Directive 63, Executive Order 13526, Appendix III of Office of Management and Budget (OMB) Circular A-130 Revised, Committee for National Security Systems (CNSS) Policy 22, Chairman Joint Chiefs of Staff Instructions 6510.01F and 6510.02D, DoD Directives 8500.01, O-8530.01, and 8570.01, the new DoD Instruction (DoDI)8500.01, NIST 800-53 rev 4 IA control catalog, new DoDI 8510.01, and CNSS Instruction 1253. FY15 will focus on ISSP efforts that address the risk management of cyberspace as defined in "The National Military Strategy for Cyberspace Operations", Chairman of the Joint Chiefs of Staff, Dec 2006, defensive Information Operations (IO) as defined in Joint Publication 3-13, and Defensive Cyberspace Operations (DCO) as defined in Joint Publication 3-12, which includes the capabilities to protect, detect, restore, and respond. ISSP provides the Navy with the following cyber security elements: (1) defense of NSSI, including the Nuclear Command, Control, and Communications (NC3) system, naval weapons systems, critical naval infrastructure, joint time and navigation systems, and industrial control systems; (2) assured separation of information levels and user communities, including allied, coalition, non-Governmental, Defense Industrial Base, and other public partners; (3) technologies supporting the Navy's Computer Network Defense (CND) service provider operations; (4) assurance of the Navy's telecommunications infrastructure and the wireless spectrum; (5) assurance of joint-user cyberspace domains, using a defense-in-depth architecture; (6) assurance of the critical computing base and information store; (7) assurance of mobile and cloud computing; (8) supporting assurance technologies, including the Public Key Infrastructure (PKI) and Key Management(KM); and (9) Cyber remediation capabilities that will accelerate the Navy's ability to prevent, constrain and mitigate cyber-attacks and critical vulnerabilities as well as provide greater resiliency, awareness, data analytics, redundancy and diversity into the Navy's Defense-in-Depth (DiD) strategy.

Open PDF

Document Details

Document Type
R2 Budgetary Justification
Publication Date
Oct 01, 2015
Source ID
0303140N_7_1319_PB_2015
Change Summary Explanation
Schedule: Computer Network Defense (CND): - Due to the dynamically changing threat, CND Inc 2 Full Operational Capability (FOC) has shifted beyond the current Future Years Defense Program (FYDP) to align with Capabilities Production Document (CPD) - Added CND Build Milestones - Build 3 completion shifted from 2Q15 to 3Q15. - Build 4 start shifted from 1Q15 to 2Q15. Build 4 completion shifted from 1Q16 to 2Q16. - Build 5 start shifted from 4Q15 to 1Q16. Build 5 completion shifted from 4Q16 to 1Q17. Navy Cryptography (Crypto): - KG-45A FOC shifted from 4QFY13 to 1QFY14 due to fleet schedule changes - Link 22 (L22) Preliminary Design Review (PDR) 1 & 2 coupled to maintain schedule - L22 Technical Readiness Review (TRR) 1 shifted from 4QFY13 to 3QFY14, L22 TRR 2 shifted from 1QFY14 to 3QFY14, L22 Production Readiness Review shifted from 3QFY14 to 4QFY14, and L22 Full Development Delivery shifted from 3QFY14 to 4QFY14 due to changes in vendor's schedule. - VINSON/Advanced Narrowband Digital Voice Terminal Crypto Modernization (VACM) Milestone C (MS C) shifted from 4QFY13 to 2QFY14, Initial Operational Test and Evaluation (IOT&E) start shifted from 4QFY13 to 4QFY14, Full Rate Production (FRP) decision shifted from 3QFY14 to 2QFY15, and Initial Operational Capability (IOC) shifted from 4QFY14 to 2QFY16, due to changes in Air Force schedule Electronic Key Management System (EKMS): - Phase V FOC completed. Key Management Infrastructure (KMI): - Capability Increment 2 (CI-2) Spiral 2 (SP2) FOC shifted from Q3FY18 to Q1FY18 due change in fielding plan and in accordance with National Security Agency(NSA) Electronic Key Management System (EKMS) end of life date - CI-2 Spiral 1 (SP1) Full Rate Production Decision (FRPD) and Full Rate Fielding Decision (FRFD) completed. Public Key Infrastructure (PKI): - PKI Inc2 Spiral 3 IOC shifted from 3QFY13 to 2QFY14 and Inc 2 FOC shifted from 2QFY14 to 4QFY15 due to testing schedule delays. The Defense Information Security Agency (DISA) is the Lead Agency for PKI. Funding: Project 3230 - FY15 $1.2M increase in funding supports the Weaselboard Program which is addressing an urgent Speed to Fleet initiative to assess the health and protection of shipboard systems and identify anomalous activity with Shipboard Supervisory Control and Data Acquisition (SCADA) information.
Service Agency Name
Navy

Entities

Organizations

  • United States Navy

Tags

Communities of Interest

  • C4I
  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems
  • Weapons Technologies

DTIC Thesaurus Topics

  • Air Force
  • Command And Control
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cross Domain
  • Cryptography
  • Cybersecurity
  • Cyberspace Operations
  • Data Links
  • Information Systems
  • Mobile Phones
  • National Security
  • Risk Analysis
  • Secure Communications
  • Systems Engineering
  • Test And Evaluation

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Defense Financial Management and Audit.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Cyber

Related Documents