Joint Regional Security Stacks (JRSS)

The Joint Information Environment (JIE) program, managed by the Defense Information Systems Agency (DISA), is focused on developing and maintaining a unified, secure information architecture for the Department of Defense (DoD). The primary goal of JIE is to streamline and standardize cybersecurity protections across DoD networks by leveraging enterprise defensive capabilities and integrating complementary security solutions. This effort supports the DoD's broader objective of enhancing network resilience and reducing vulnerabilities to cyber threats, while also achieving cost efficiencies through consolidation and modernization.

Within the JIE program, the principal line item is the Joint Regional Security Stacks (JRSS). JRSS consists of regionally deployed security stacks that serve as centralized points for network defense, monitoring, and management. Each stack is made up of software and hardware components that operate as a single unit, providing standardized security suites to protect against attacks that could disrupt or damage DoD networks. There are currently fourteen Non-Secure Internet Protocol Router (NIPR) stacks, with plans to reduce this footprint to nine by the end of FY 2025, and to fully decommission the remaining stacks by FY 2027 in accordance with the JRSS Senior Advisory Group-approved Decommissioning Plan.

The objectives for JRSS include streamlining cybersecurity protections, removing redundant Information Assurance (IA) mechanisms, and providing robust tools for monitoring and controlling all security mechanisms within DoD's JIE. The stacks are designed to protect internal network enclaves and support the separation of server and user assets, thereby reducing risk and improving the overall security posture. Additionally, JRSS provides the necessary toolsets for continuous monitoring, enabling proactive cyber operations and uninterrupted availability of information.

A critical component supporting JRSS is the JRSS Management System (JMS), which centralizes the management and operational control of JRSS components. JMS enables DoD Components to maintain Title 10-required visibility and management of IT security, while also providing high-level oversight to U.S. Cyber Command (CYBERCOM). The system facilitates centralized policy and configuration management, network transport visibility, and real-time analysis of operational impacts. This supports standardized cyber defense operations across the enterprise.

For FY 2024 and FY 2025, the program's Research, Development, Test, and Evaluation (RDT&E) funding is directed toward maintaining operational capability, conducting cybersecurity testing to retain accreditation and Authority-To-Operate (ATO) approvals, and integrating technology refreshes for end-of-life hardware and software. These activities are essential to ensure that JRSS remains effective and secure until its planned sunset. The program also includes integration testing of updated components and minimal tech refresh efforts to support remaining users during the transition period.

The FY 2026 budget reflects a significant decrease in RDT&E funding, as JRSS transitions to Operations & Maintenance (O&M) funding in line with decommissioning efforts. The focus shifts to bare minimum technical refreshes and limited testing requirements, supporting only the essential operational capability for users still onboard JRSS. This transition is part of the broader Portfolio Management, Modernization and Capabilities (PM2C) Council and DoD Services-directed plan to phase out JRSS and migrate users to alternative security architectures.