Program Protection
Abstract
This program element supports the program protection activities of the Deputy Director, Strategic Technology Protection and Exploitation (DD, STP&E). The Department of Defense (DoD) must address cybersecurity and supply chain risks to DoD networks, weapons systems, and information stored and processed on both DoD and Defense Industrial Base (DIB) unclassified contractor information networks that support DoD programs. Increased reliance on the internet as a vehicle for sharing information, globalization of the supply chain, and advanced persistent threats (APTs) that can evade commercially available security tools and defeat generic security best practices, drives the need for diligent program protection planning and execution. Program Protection Planning includes protection of classified and unclassified controlled technical information, critical program information, critical components and critical mission functions, and integrates high level security policies and practical expertise to specific acquisition and S&T practices, systems engineering activities, and risk reduction activities. Through this initiative the Department is maturing system security engineering methodologies to protect controlled unclassified information, to include controlled technical information on contractor information networks; improve mitigation and management of supply chain risk management risks, improve integration of cybersecurity into the engineering processes, improve software assurance practices, mature processes to identify and protect Critical Program Information and improve program protection planning. Activities carried out, support implementation of DoD Instruction 5200.44 Trusted Systems and Networks with the use of proven mitigation techniques and tools, the ongoing refinement of risk management processes, and creation of needed technology; implementation of DoD Instruction 5200.39 Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation (RDT&E) to identify and protect Critical Program Information; and implementation of DoD Instruction 8582.01 Security of Unclassified DoD Information on Non-DoD Information Systems for Safeguarding Controlled Unclassified Information on contractor owned networks. DD, STP&E provides independent assessments of research, technology and defense acquisition program’s system security engineering and program protection implementation. The DD, STP&E reviews and approves the PPP for each MDAP, and monitors and reviews the system security engineering planning activities of MDAPs and other defense acquisition programs, as directed by the Secretary of Defense. This PE includes efforts by the office of the DD, STP&E in implementing the Department’s Trusted Defense System Strategy. Specifically, the PE will develop and mature the critical sub discipline of systems engineering - system security engineering (SSE), Hardware and Software Assurance, and the Comprehensive Program Protection Planning process that implements a risk-based approach to protection of critical program information, critical components and mission functions, and information in acquisition programs. These efforts include study and maturation of policy, guidance, system security discipline fundamentals, such as engineering methods, tools, and best practices, and establishing a coalition of assurance activities across the DoD to provide analytical and technical support to acquisition programs. These activities will be promulgated in defense acquisition as a fundamental element of the DD, STP&E systems engineering and technical reviews. In FY 2020, funding from this project will transfer to the Maintaining Technology Advantage PE 0605797D8Z, in alignment with the DD, STP&E mission.
Document Details
- Document Type
- Project
- Publication Date
- Oct 01, 2020
- Source ID
- 143_0605142D8Z_6_0400_PB_2020
Related Documents
- Root: Systems Engineering
- Child Accomplishment: Program Protection