Information Systems Security Program

The Information Systems Security Program (ISSP) is a Department of the Air Force (DAF) initiative focused on the research, development, test, and evaluation (RDT&E) of cryptographic modernization capabilities for nearly all Air Force weapon systems. The primary goal of ISSP is to ensure the confidentiality, integrity, and availability of sensitive information through advanced cryptographic solutions, compliant with National Security Agency (NSA) mandates. This program is essential for enabling secure communications and information flows that underpin Joint All Domain Command and Control (JADC2) and other critical defense operations. ISSP efforts are foundational to Communications Security (COMSEC), serving as the first and last line of cyber defense against adversary exploitation.

The Cryptographic Modernization (CM) line item is dedicated to upgrading existing cryptographic devices to address emerging threats, particularly those posed by quantum computing. Objectives include transforming legacy systems to be quantum resilient, meeting NSA decertification requirements, and ensuring compliance with the Chairman Joint Chiefs of Staff Notice (CJCSN) 6510. Key activities under CM include technology development for modular open system architectures, modernization of Identification Friend or Foe (IFF) Mode 5 devices, algorithm transition compliance, and the implementation of Space Modular Common Crypto (SMCC) architectures. The program also supports the development of Classified Data At Rest (CDAR) solutions to protect sensitive information stored on various platforms.

The Cryptographic Modernization 2 (CM2) line item expands upon the initial modernization efforts by focusing on next-generation cryptographic capabilities that are robust, modular, and scalable. CM2 aims to provide quantum resilience across all DAF platforms, including Nuclear Command, Control, and Communications (NC3), Intelligence, Surveillance, Reconnaissance (ISR), Public Key Infrastructure (PKI), and Key Management Enterprise (KME). The program includes hardware and software upgrades, studies, proof-of-concept initiatives, and prototype development to address evolving quantum threats. CM2 also emphasizes the integration of artificial intelligence and machine learning to enhance secure communications for JADC2 and strategic deterrence missions.

Within CM2, several targeted efforts are underway. Technology Development (TD) focuses on maturing modular, open systems architectures and implementing new NSA algorithms and key management standards. Information Assurance (IA) Support provides compliance and risk reduction for algorithm integration, fielding enterprise crypto solutions, and improving sustainment and integration costs. Crypto Enterprise Management develops asset management applications for enhanced traceability and accountability of cryptographic items, integrating data from logistics and supply chain systems. Remote Rekey Next Generation (RRK-NG), also known as Black Arrow, is developing quantum-resilient key distribution systems for NORAD, FAA, and potential foreign military sales.

The Classified Data At Rest (CDAR) initiative under CM2 delivers NSA-approved cryptographic solutions for protecting Top Secret and Below (TSAB) data at rest across multiple Air Force platforms. This includes the development and fielding of single-channel and multi-channel inline media encryptors, with efforts focused on meeting NSA Security Evaluation Requirements Document (SERD) mandates. The Identification Friend or Foe (IFF) Mode 5 modernization ensures quantum resilience and algorithm reprogrammability for devices used in aircraft and ground stations, preventing adversary disruption and enhancing authentication and encryption services.

Additional CM2 projects include KG-3XA for NC3 Very Low Frequency (VLF) capabilities, which modernizes legacy cryptographic devices to support secure emergency action messaging, and Space COMSEC/SMCC, which integrates quantum-resilient cryptography into space ground and orbital equipment. These efforts are designed to support the growing demands of space-based communications, increasing data throughput and channel capacity while ensuring NSA certification.

The acquisition strategy for both CM and CM2 leverages a mix of evolutionary and incremental approaches, utilizing spiral development for new components and certified non-developmental items for modernization. Contract types are selected based on technology risk and acquisition approach, with a combination of fixed-price and cost-reimbursement contracts to maximize government value. The ISSP and its associated modernization programs are critical for maintaining secure, resilient communications and information systems across the Air Force and the broader Department of Defense enterprise.