Cyber Resiliency & Cybersecurity Policy

Abstract

The Cyber Resiliency & Cybersecurity Policy program supports the efforts of the OUSD A&S Chief Information Security Office, focusing on the defense of the Department’s critical mission weapon systems and Defense Critical Infrastructure from cyber attack, protecting the Department’s sensitive unclassified information residing within the Defense Industrial Base (DIB) sector and supply chain, and capability portfolio management for Joint Cyber Capabilities used by the Cyber Mission Force. This program funds the following critical efforts:

1) Cybersecurity for Weapon Systems and Critical Infrastructure: Lead the Department’s Strategic Cybersecurity Program (SCP) to continue critical weapon systems and defense infrastructure cybersecurity assessments and mitigations. CISO(A&S) Cyber Resiliency efforts are aligned with the following initiatives:

Assess:
- Conduct mission-focused cyber risk assessments for priority Defense Missions in support of CCMDs.
- Conduct Deep Cyber Resiliency Assessments (DCRA) in support of CCMDs and asset owners.

Inventory:
- Develop, sustain, and employ the Cyber Risk Mitigation Tool (CRMT), an Enterprise-wide decision support tool for tracking cyber vulnerability assessments and mitigations.

Prioritize:
- Prioritize Cyber Risk Mitigations based upon mission analysis conducted by Mission Focused Cyber Hardening Teams.

2) DIB Cybersecurity
- Determine the resilience and cybersecurity of DIB contractors and their suppliers which support the associated research, design, development, production, sustainment, and operations of DoD weapon systems.
- Enhance the cybersecurity of the DIB, and improve Supply Chain Risk Management (SCRM) to secure the Department’s critical classified and unclassified information.
- Implement and update the Cybersecurity Maturity Model Certification (CMMC) risk-based framework to enhance the cybersecurity posture of the DIB sector and protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).
- Conduct CMMC pilots and risk reduction pathfinders with Services, Agencies, and/or international partners to support the phased rollout.
- Test and demonstrate full operational capability of the CMMC Enterprise Mission Assurance Support Service (eMASS) database and infrastructure.
- Maintain secure data transfers from third-party commercial assessment organizations and CMMC eMASS, and between CMMC eMASS and other DoD databases.

Document Details

Document Type
R2 Budgetary Justification
Publication Date
Oct 01, 2022
Source ID
0606771D8Z_6_0400_PB_2022
Change Summary Explanation
Service Agency Name
Office of the Secretary Of Defense

Entities

Organizations

  • Office of the Secretary of Defense

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Best Practices
  • Contractors
  • Contracts
  • Cyber Threats
  • Cyberattacks
  • Cybersecurity
  • Cyberspace Operations
  • Data Transmission
  • Department Of Defense
  • Information Security
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Supply Chain
  • Weapon Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Cyber