MIL-HDBK-1785

NOTE: MIL-STD-1785 has been redesignated as a handbook, and is to be used for guidance purposes only. This document is no longer to be cited as a requirement. For administrative expediency, the only physical change from MIL-STD-1785 is this cover page. However, this document is no longer to be cited as a requirement. If cited as a requirement, contractors may disregard the requirements of this document and interpret its contents only as guidance.

DEPARTMENT OF DEFENSE HANDBOOK FOR SYSTEM SECURITY ENGINEERING PROGRAM MANAGEMENT REQUIREMENTS

MIL-HDBK-1785
1 August 1995
SUPERSEDING MIL-STD-1785
1 September 1989

DEPARTMENT OF DEFENSE
WASHINGTON DC 20301

System Security Engineering (SSE) Management Program Requirements

MIL-STD-1785.

1. This military standard is approved for use by all Departments and Agencies of the Department of Defense.

2. Beneficial comments (recommendations, additions, deletions) and any pertinent data which may improve this document are addressed to: Headquarters Air Force Systems Command, Office of the Chief of Security Police, Andrews AFB, Washington, DC 20334. Use the self addressed standardized Document Improvement Proposal (DD Form 1426) at the end of this document or send comments by letter.
FOREWORD

The primary objective of the System Security Engineering Management program is to minimize or contain defense system vulnerabilities to known or postulated security threats. Scientific and engineering principles are applied during design and development to identify and reduce these vulnerabilities. Management techniques include life cycle considerations to ensure identified threats and vulnerabilities are contained. The basic premise of SSE philosophy is recognition that an initial investment in "engineering-out" security vulnerabilities and "designing-in" countermeasures is a long term cost saving measure. SSE is integrated with the system acquisition planning process to identify life cycle security threats and vulnerabilities, and concentrate on defense system susceptibility to damage, compromise or destruction.

CONTENTS

Paragraph
1. SCOPE
1.1 Purpose
1.2 Applicability
1.2.1 Tailoring Task Descriptions
1.2.2 Application Guidance
2. REFERENCE DOCUMENTS
2.1 Government Documents
2.1.1 Specifications, Standards and Handbooks
2.2 Order of Precedence
2.3 Source of Documents
3. DEFINITIONS
3.1 Acquisition Program
3.2 Adversary Scenario
3.3 Adversary Model
3.4 Carve-out
3.5 Configuration Item (CI)
3.6 Cost Trade-offs
3.7 Countermeasure
3.8 Electronic Security
3.9 Facilities
3.10 Integrated Logistics Support
3.11 Life Cycle Cost (LCC)
3.12 Logistics Support Analysis (LSA)
3.13 Maintainability
3.14 Maintenance Concept
3.15 Operational Test and Evaluation
3.16 Security Criteria
3.17 Security Subsystem
3.18 Security System
3.19 Subsystem
3.20 System
3.21 System Security Engineering (SSE)
3.22 System Security Engineering Management
3.23 System Security Management Plan (SSMP)
3.24 Technology Trade-offs
3.25 Threat Validation
3.26 Vulnerability
4. GENERAL REQUIREMENTS
4.1 SSE Management Program
4.2 SSE Program Requirements
4.2.1 Concept Exploration Phase
4.2.2 Demonstration and Validation Phase
4.2.3 Full-scale Development Phase
4.2.4 Production and Deployment Phase
5. DETAILED REQUIREMENTS
5.1 Purpose
5.2 Application Guidance
5.3 Task Requirements
5.3.1 Concept Exploration Phase
5.3.1.1 System Security Management Plan
5.3.1.2 Threat Definition and Analysis
5.3.1.3 Preliminary System Security Concept
5.3.1.4 Security Requirements Definition
5.3.1.5 Technology Assessments and Cost Studies
5.3.1.6 Logistics Support
5.3.1.7 Security Training Requirements
5.3.1.8 R

and develop recommendations for engineering changes
to eliminate or mitigate vulnerabilities consistent with other design and operational considerations. SSE supports the development of programs and standards to provide life cycle security for critical defense resources.

1.2 Applicability. Tasks described here are selectively applied in DOD contract specifications, request for proposals, statements of work and Government in-house efforts requiring a system security engineering management program. The word "contractors" includes Government activities developing military systems, equipment and facilities. This standard may also apply to initial design of new facilities or modifications to existing ones.

1.2.1 Tailoring Task Descriptions. Task descriptions are tailored as needed and applied to system security engineering management programs. When preparing a proposal the contractor may include additional tasks and modify these tasks as long as supporting rationale is provided.

1.2.2 Application Guidance. Government and industrial organizations responsible for system security engineering management programs must select tasks which can materially aid in attaining overall security objectives in a cost effective manner. Once tasks have been selected, they may be tailored. Further, the timing and depth required during the various acquisition phases are often driven by interface with other ongoing program activities. For these reasons, specific rules are not defined for all task requirements.
2. REFERENCE DOCUMENTS

2.1 Government Documents.

2.1.1 Specifications, Standards and Handbooks. Unless otherwise indicated, specifications, standards, and handbooks listed in the Department of Defense Index of Specifications and Standards (DODISS) for solicitations form a part of this standard to the extent cited below.

STANDARDS

MILITARY

MIL-STD-470      Maintainability Program for System and Equipment
MIL-STD-490      Specification Practice
MIL-STD-499      Engineering Management
MIL-STD-785      Reliability Program for System and Equipment Development and Production
MIL-STD-1388-1   Logistics Support Analysis

2.2 Order of Precedence. In the event of conflict between the text of this standard and the references, the text of this standard takes precedence.

2.3 Source of Documents. Copies of military standards, specifications and associated documents listed in the Department of Defense Index of Specifications and Standards are available from the Department of Defense Single Stock Point, Commanding Officer, Naval Publications and Forms Center, 5801 Tabor Avenue, Philadelphia, PA 19120. Copies of industry association documents are obtained from the sponsoring industry association. Copies of all listed documents are obtained from the contracting activity or as directed by the contracting officer.
3. DEFINITIONS

3.1 Acquisition Program. A directed effort funded through procurement appropriations; the security assistance program; or through research, development, test and evaluation (RDTciLiuiis dec3xmagnetiz radiatims.

3.9 Facilities. Buildings, structures, or other real property improvements separately identified on the real property records and including items of real property. Facilities are categorized as technical support real property, critical subsystems, non-technical support real property (NSRP), and industrial facilities.

3.10 Integrated Logistics Support (ILS). A composite of all the supported considerations necessary to make sure a system is effectively and economically supported for its life cycle. An integral part of all other aspects of system acquisition and operations.

3.11 Life Cycle Cost (LCC). Includes all cost categories, both contract and in-house, and all related appropriations. It is the total cost to the government for a system over its full life, and includes the cost of development, procurement, operating, support, and, where applicable, disposal.

3.12 Logistic Support Analysis (LSA). LSA is a system engineering and design process selectively applied during all life cycle phases of the system/equipment to help ensure supportability objectives are met.

3.13 Maintainability. A measure of the time or maintenance resources needed to keep an item operating or to restore it to operational status (or serviceable status). Maintainability may be expressed as the time to do maintenance (for example, maintenance downtime per sortie), as a usage rate (for example, maintenance work hours per flying hour), as the staff required (for example, maintenance personnel per operational unit), or as the time to restore a system to operational status (for example, mean down time).

3.14 Maintenance Concept. A description of maintenance considerations and constraints. The operating command, with the help of the implementing and supporting commands, develops a preliminary maintenance concept and submits it as part of the preliminary system operational concept for each alternate solution. The preliminary maintenance concept is refined during the validation phase and becomes the system maintenance concept during full-scale engineering development. Then the maintenance concept is expanded in scope and detail and becomes the maintenance plan.

3.15 Operational Test and Evaluation (OT&E). Test and evaluation, initial operational test and evaluation, and follow-on OT

planning, organizing, identifying, and controlling the efforts that help achieve maximum security and survivability of the system during its life cycle; and interfacing with other program elements to make sure security functions are effectively integrated into the total system engineering effort.

3.23 System Security Management Plan (SSMP). A formal document that fully describes the planned security tasks required to meet system security requirements, including organizational responsibilities, methods of accomplishment, milestones, depth of effort, and integration with other program engineering, design and management activities, and related systems.

The set of requirements that should be met

That part of a weapon or defense system

3.24 Technology Trade-offs. Trade-offs among risks; that is, the effect of technology on the development of new hardware, software, or procedures.

3.25 Threat Validation. A documented confirmation by DIA or other DOD intelligence agency that the intelligence contained in the Statement of Operational Need applies to the mission tasks and is consistent with current intelligence community estimates.

3.26 Vulnerability. In security engineering, the susceptibility of systems or components to overt or security threats. Security vulnerability is measured in terms of function or absence of function of design.
4. GENERAL REQUIREMENTS

4.1 System Security Engineering (SSE) Management Program. The contractor shall establish a SSE program to support economical achievement of overall program objectives. To be considered efficient, the SSE program: (1) enhances the operational readiness and mission success of the defense resource; (2) identifies and reduces potential vulnerabilities to security threats; (3) provides management information essential to system security planning; and (4) minimizes its own impact on overall program cost and schedule.

4.2 SSE Program Requirements. Weapon system acquisition is divided into four phases: concept exploration, demonstration and validation, full-scale development, and production and deployment. General SSE requirements accomplished during each of the four phases are as follows:

4.2.1 Concept Exploration Phase. Develop system security criteria, describe the base-line security system design, and conduct security threat and vulnerability studies.

4.2.2 Demonstration and Validation Phase. Through a series of analyses, the baseline security system design described during the concept exploration phase is validated and preliminary performance specifications for security hardware and software prepared. Identified threats and vulnerabilities are processed through system design modifications and risk management.

4.2.3 Full-scale Development Phase. The security system should be fully designed and integrated. Security system hardware and software should be acquired or developed against the specifications prepared in the demonstration and validation phase.

4.2.4 Production and Deployment Phase. Implement the security system design via production and conduct deployment planning.

5. DETAILED REQUIREMENTS

5.1 Purpose. The SSE program establishes, as part of each acquisition development and upgrade program, appropriate procedures to identify security vulnerabilities and resulting actions to eliminate or contain associated risks. Further, it provides a means to insure necessary security requirements (physical, personnel, technical, communications, operations and information security, etc.) are adequately considered and, when appropriate, incorporated in the overall system development program.

5.2 Application Guidance. SSE requirements exist, in various degrees, throughout the life cycle of a major development and/or upgrade program. As such, the SSE program shall be tailored to facilitate continuation of SSE objectives through each acquisition phase: Concept Exploration, Demonstration and Validation, Full-scale Development, and Production and Deployment. It shall also accommodate class I through V modifications, test and evaluation, and research and development.

5.3 Task Requirements.

5.3.1 Concept Exploration Phase. The primary outp