Intelligence & Security

The Validated Online Lifecycle Threat (VOLT) Report is a regulatory document for Acquisition Category (ACAT) I-III programs. These programs require a unique, system-specific VOLT Report to support capability development and PM assessments of mission needs and capability gaps against likely threat capabilities at Initial Operational Capability (IOC). Validated Online Lifecycle Threat (VOLT) Report Purpose The […]

The Life-Cycle Mission Data Plan (LMDP) defines specific Intelligence Mission Data (IMD) requirements for a program and becomes more detailed as the system progresses toward Initial Operational Capability (IOC). Definition:  The Life-Cycle Mission Data Plan (LMDP) is a statement of program needs that is applied throughout the life of an IMD-dependent acquisition program and potentially

The Initial Threat Environment Assessment provides capability developers and Program Managers (PM) the ability to assess mission needs and capability gaps against likely adversary threat capabilities at Initial Operational Capability (IOC). It forms the basis for the initial System Threat Assessment Report (STAR) at Milestone A, and is superseded by the Milestone A STAR. The

The cybersecurity strategy is a plan of action to maximize an organization’s computer network security and resiliency. The strategy is a required acquisition program document (per DoD Instruction 5000.02 and Clinger-Cohen Act) that details how a program will ensure that an Information Technology system can protect and defend itself from a cyber attack.  The Program

A System Threat Assessment (STA) is obtained from the Intelligence community during the JCIDS shortfall identification process. It will be obtained primarily from the Capstone Threat Assessments (CTAs) and System Threat Assessment Report (STAR). The CTAs project foreign capabilities in particular warfare areas looking out 20 years. Once the JCIDS Process identifies a materiel solution

A Cryptography Key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption. Keys are also used in other cryptographic

  The Defense Intelligence Agency (DIA) Threat Assessment Reports provide specific and timely threat characterization of an identified suppliers to the Program Manager (PM) and Program Management Office (PMO). They are used to assist in selecting the supplier and/or architecture alternatives and developing appropriate mitigations for supply chain risks. [1]   Website: Defense Intelligence Agency

A Security Clearance is issued by the head of a department, division, or agency of the federal government. The type of security clearance that one can be approved for also depends upon the department, division, or agency involved. For classification purposes, the types of security clearances are: CONFIDENTIAL: This refers to material, which, if improperly

The Technology Assessment/Control Plan (TA/CP) is prepared by the Program Manager (PM) when there will be foreign involvement in a program. It’s prepared after completing the identification of Critical Program Information (CPI) and the Security Classification Guide (SCG). The TA/CP does the following: [1] Assess the feasibility of U.S. participation in joint programs from a

The Technology Release Roadmap (TRR) provides a projection of when export licenses will be required in support of the Acquisition Process and critical Milestones regarding national disclosure policy implementation on acquisition programs involving international involvement by foreign industry. The TRR is conducted prior to the Engineering, Manufacturing, and Development (EMD Phase.  The Program Manager (PM)

Systems Security Engineering (SSE) is an element of Systems Engineering (SE) that applies scientific and engineering principles in a standardized, repeatable, and efficient manner to identify security vulnerabilities, requirements, and methods of verifications that minimize risks.  SSE delivers systems that satisfy stakeholder security needs for weapon system operation in today’s cyber-contested environments. [1] Definition: Systems

Special Access Programs (SAP) is a compartmentalized source of information that has limited access for selected Critical Program Information (CPI). SAPs are created by departments and agencies and has protocols and safeguards from unintended disclosure that exceed normal (collateral) classified information. A SAP may impose more stringent investigative or adjudicative requirements, specialized nondisclosure agreements, special

Sensitive Compartmented Information (SCI) is a classification label that is put on data and information that is sensitive in nature and belongs to a certain program or department. The data can be derived from multiple sources as Critical Program Information (CPI), analysis data and/or intelligence data. The SCI moniker is normally used by the National

A Single Scope Background Investigation (SSBI) is a type of security investigation conducted by the US Government to obtain a Top Secret (TS) clearance and access to Sensitive Compartmented Information (SCI).  Standard Form 86 (SF86) is required to begin the background check process. The SSBI examines information from the past ten (10) years about finances,

  A Program Security Instruction (PSI) details security arrangements for the program and harmonizes the requirements of the participants’ national laws and regulations. The PSI contains all of the security procedures that form the security “Standard Operating Procedures” for an international program. Using the Under Secretary of Defense OSD) for Acquisition, Technology and Logistics (AT&L)

Operations Security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. [1] OPSEC is a

The National Industrial Security Program Operating Manual (NISPOM) establishes the standard procedures and requirements for all government contractors regarding classified information. It covers the entire field of government-industrial security-related matters. Under the NISP, the USG establishes requirements for the protection of classified information to be safeguarded in a manner equivalent to its protection within the

Information Security (InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc…) [1] Three (3) security initiatives that fall under InfoSec are: Computer Security (COMPUSEC): is

The Horizontal Protection Program ensures that DoD acquisition programs developing new or revised Program Protection Plans (PPP) have access through a standard DoD-wide automated system. Access to the database allows the programs to compare levels of classification and sensitivity. The objective of Horizontal Analysis and Protection activities is to ensure consistent, cost-effective application of similar

Electronic Warfare (EW) refers to any action involving the use of the electromagnetic spectrum or directed energy to control the spectrum, attack an enemy, or impede enemy assaults via the spectrum. The purpose of electronic warfare is to deny the opponent the advantage of, and ensure friendly unimpeded access to, the EM spectrum. EW is

The Department of Defense (DD) Form 254 “Contract Security Classification Specification” provides a contractor (or a subcontractor) the security requirements, classification guidance, and handling procedures for classified material received and/or generated on a classified contract. The Federal Acquisition Regulation (FAR) requires that a DD Form 254 be incorporated in each classified contract, and the National

Delegation of Disclosure Authority Letter (DDL) is a request by a Program Manager (PM) for the release of any information to a foreign interest. It can request/recommend foreign involvement on a program, disclosure of the program to foreign interests, request for authority to conclude an international agreement, or a decision to authorize foreign sales. The