System Security Engineering (SSE) integrates research and technology protection into the Systems Engineering Process. It prevents or delays exploitation of Critical Program Information (CPI) in U.S. defense systems and may include Anti-Tamper (AT) activities. It supports the development of programs and design-to-specifications providing life-cycle protection for critical defense resources. The benefit of SSE is derived after acquisition is complete by mitigation of threats against the system during deployment, operations, and support. SSE may also address the possible capture of the system by the enemy during combat or hostile actions.

MIL-HDBK-1785 “System Security Engineering Program Management Requirements” –  1 Aug 1995

System Security Management Plan (SSMP)
The SSMP is a detailed plan outlining how the System Security Engineer and the contractor(s) will implement SSE, and may be part of the Systems Engineering Plan (SEP). The Program Manager (PM), System Security Engineer and the System Security Engineering Working Group (SSEWG) defines and identifies all SSE aspects of the system, develops SSE architecture, reviews the implementation of the architecture, and participates in design validation and writes the SSMP. The SSMP establishes guidance for the following tasks: [1]

  • Analysis of security design and engineering vulnerabilities
  • Development of recommendations for system changes, to eliminate or mitigate vulnerabilities through engineering and design, any characteristics that could result in the deployment of systems with operational security deficiencies
  • Development of security requirements
  • How the contractor will interact with the government, subcontractors and vendors, and the anticipation level from each
  • The contractor will describe methods which sale me implemented to  insure program schedules are maintained
  • MIL-HDBK-1785 contains procedures for contracting an SSE effort and an SSMP
  • Utilize: Data Item Descriptions DI-MISC-80839

SSE secures the initial investment by “designing-in” necessary countermeasures and “engineering-out” vulnerabilities, and thus results in saving time and resources over the long term. During the system design phase, SSE should identify, evaluate, and eliminate (or contain) known or potential system vulnerabilities, spanning the life cycle from system deployment through system demilitarization. [1]

The SSE process defines the procedures for contracting for an SSE effort and an SSMP. Implementation requires contractors to identify operational vulnerabilities and to take action to eliminate or minimize associated risks. [1]

AcqLinks and References:


Print Friendly, PDF & Email