Information Systems Security Program

The Information Systems Security Program (ISSP), managed by the Defense Information Systems Agency (DISA), is a Department of Defense (DoD) initiative funded under PE 0303140K. Its primary objective is to enhance the cybersecurity posture of DoD information networks through research, development, testing, and evaluation (RDT&E) of advanced security technologies and architectures. The program supports global mission operations by delivering optimized cyber infrastructure solutions. It focuses on risk management, information assurance, and the secure sharing of information across both classified and unclassified networks.

Automation Technical Integration and Engineering in Cyberspace is a key line item within the ISSP. This effort aims to research, develop, and integrate real-time automation solutions that improve service operations and user experience in cyberspace. The program assesses emerging technologies and drives the adoption of automation to support current and next-generation warfighters. Its objectives include maturing technical and process automation, enhancing portfolio management, and supporting a transparent and optimized IT environment to counter dynamic cyber threats.

Zero Trust Architecture (ZTA) is another major focus area, supporting the creation and maturation of a Zero Trust Commercial Cloud Lab (ZTCCL). This lab provides an environment for developing, testing, and integrating zero trust concepts, capabilities, and technologies for the DoD Information Network (DoDIN). The ZTA project seeks to improve the DoDIN's ability to prevent, detect, respond to, and recover from cyber threats, while ensuring scalability and interoperability. Funding supports ongoing cybersecurity testing, accreditation, and integration of new hardware and software to maintain operational readiness.

Public Key Infrastructure (PKI) modernization is a significant component of the ISSP. The program is tasked with transitioning the DoD PKI to stronger cryptographic algorithms by 2027, in compliance with NSA and DoD CIO mandates. Objectives include building and testing new cryptographic infrastructure, migrating to a hybrid cloud platform, and establishing a Public Trust Certificate Authority for automated issuance and renewal of TLS certificates. These efforts are intended to enhance security, reduce operational costs, and support new requirements such as mobile credentialing for classified networks.

Endpoint License and Support and SIPRNet Endpoint Management are initiatives designed to strengthen endpoint security across DoD networks. In FY 2025, DISA focused on evaluating and adapting Unified Endpoint Management (UEM) tools and procuring licenses for SIPRNet, the DoD's classified network. This shift to commercial solutions enables comprehensive monitoring and rapid deployment of endpoint security capabilities, supporting Zero Trust principles and improving the security posture for a large user base. The program also includes cloud-based testing environments to accelerate the integration of endpoint security technologies.

The ISSP's goals are justified by the need to protect DoD networks against increasingly sophisticated cyber threats, comply with evolving federal mandates, and support the secure operation of mission-critical systems. By investing in automation, zero trust, PKI modernization, and endpoint security, the program seeks to ensure that DoD information systems remain resilient, interoperable, and capable of supporting both current and future operational requirements. The program's activities are closely aligned with strategic directives from USSTRATCOM, NSA, DoD CIO, and other key stakeholders.