Operational Resilience in Cyberspace
DTE&A assists DoD programs and test authorities to understand and implement current policy and guidance concerning cybersecurity and the cyber survivability endorsement for the System Survivability Key Performance Parameter. DTE&A assists with the engineering and testing to verify technical requirements for sustaining operational resilience in cyberspace. Contact the DTE&A Cyber Team:
DoDIs 5000.89 and 8500.01 establish the requirement to conduct cybersecurity DT&E of DoD systems to support assessments of cybersecurity, survivability, and resilience within a mission context.
Cyber DT&E is required of all DoD systems and services, including:
-
- Pre-acquisition program technologies and systems (e.g., science and technology and prototype development for eventual insertion into DoD networks, systems, and platforms).
-
- Acquisition systems under the DoDD 5205.07.
-
- Systems acquired via the Defense Acquisition System, including abbreviated acquisition programs under the US Navy or US Marine Corps and acquisitions pursuing any adaptive acquisition framework pathway in accordance with DoDD 5000.01 and DoDI 5000.02.
-
- Systems in sustainment, or post productions systems, when those systems have software, hardware, mission, or other changes as outlined in DoDM 5000.UY.
When planning for cyber DT&E, by either the contractor or the government, establish a cyber working group to start early and iterate planning, preparing, executing, evaluating, and reporting cyber DT&E.
During planning, six recurring scoping activities inform the cyber DT&E strategy:
MBCRAs use the results of the other planning activities as depicted in the critical MBCRA elements diagram:
Cyber DT&E Activities
Follow the policy and guidance to scope iterative testing to find, fix, and verify fixes. Cyber DT&E activities support data generation for independent evaluation of the measurable and testable cyber performance requirements for the system under tests' ability to:
- Prevent cyberspace events from causing the failure of mission or safety critical functions or operational mission impacts.
- Detect anomalies caused by cyberspace events.
- Determine the cause of the anomaly, system misconfigurations, or design flaws.
- Report facts about the cyberspace event sufficient to mitigate the anomaly or design flaw to a responsible entity, which may be a non-person entity.
- Enable the entity to mitigate the reported anomaly both during and after the operational mission.
- Recover from the loss of mission or safety critical functions and maintain operational resilience throughout the life cycle.
Use results of government cyber DT&E to inform program acquisition decisions, RMF security control assessments, risk and authorization decisions, and cyber operational T&E planning.
DTE&A sponsors the collaborative Cyber Developmental Test Cross Service Working Group (CyberDT XSWG) to promote, develop, and enhance cyber DT&E in the DoD. The CyberDT XSWG holds Service led monthly virtual sessions and semi-annual in person working groups. Contact the DTE&A cyber team to participate, OSDRE-DTEA-Cyber@groups.mail.mil.
Joint Cyber Community of Practice (JC COP)
The Joint Cyber Community of Practice (JC COP) is a USD(A&S) and USD(R&E) co-sponsored, bi-weekly lecture series of cyber-centered presentations to engineering, acquisition, and other stakeholders across the Department of Defense (DoD). The purpose is to share changing cyber survivability and operational resilience practices, policies, and guidance; introduce new tools, processes, and ideas, and unify cyber-related acquisition efforts across the DoD to deliver survivable and resilient systems to the warfighter.
DT&E Products
Below are links to DTE&A cyber developed or managed guidance, research, websites, and other information.
DoD Cybersecurity T&E Guidebook FOUO Appendices v2
Located in the DoD Cybersecurity Test and Evaluation Guidance folder under Shared Documents.
DoD Cybersecurity T&E for Commercial Cloud
Addendum to the DoD Cybersecurity T&E Guidebook
Office of the Under Secretary of Defense,
Research and Engineering (OUSD(R&E))
3030 Defense Pentagon, Washington, DC 20301-3030
Contact Us
Contact Us
Information for the USD(R&E):
Contact OUSD(R&E) Staff
Social Media: @DoDCTO on Twitter
For website issues: Contact Webmaster