DoD Systems Engineering - What's New
Building from previous editions of the DoD Risk Management Guide, the revised edition emphasizes managing not only program risks but also issues and opportunities. The guide supports DoDI 5000.02 policy as well as the DoD Better Buying Power 3.0 initiative to “improve leaders’ ability to understand and mitigate technical risk.”
The risk management framework remains the core and the model for all three processes. Programs must identify risk as early as possible to prevent problems before they occur and to avoid unnecessary costs late in the life cycle. In addition, the guide acknowledges the distinct and complementary influence of issues, or problems that have already occurred or will certainly occur, and opportunities, which could potentially provide benefits to the program if pursued.
The guide draws on insights from DoD program reviews and extensive practitioner experience to offer advice for programs as they seek to identify, analyze, handle, and monitor risks, issues, and opportunities. The guide highlights “expectations” programs should have in mind as they develop their management approaches.
The guide reflects considerable study and collaboration, including contributions from the Services, Defense Acquisition University, and industry, yet it remains a living document. Risk management is a vital DoD focus and remains a target for continuing process improvement. Readers are encouraged to review the guide and offer comments to support this continuing effort.
Four New Engineering-Related Standards Now Available for DoD Use (Posted June 2015)
Four new non-government standards focusing on systems engineering, technical reviews and audits, manufacturing, and configuration management are now available for application on Department of Defense (DoD) contracts:
- IEEE 15288.1-2014, "IEEE Standard for Application of Systems Engineering on Defense Programs," was issued May 15, 2015 and adopted for use by the DoD on June 5, 2015. This standard implements IEEE/ISO/IEC 15288-2015, "ISO/IEC/IEEE International Standard - Systems and software engineering -- System life cycle processes," for use by DoD organizations and other defense agencies in acquiring systems or systems engineering support. It establishes requirements for systems engineering outcomes, activities, and outputs for DoD projects across the entire system life cycle, including the planning, acquisition, modification, and sustainment of defense systems. This standard is available for purchase from the IEEE Standards Store (http://www.techstreet.com/ieee). DoD employees with a CAC may access this document through ASSIST (https://assist.dla.mil/) without charge.
- IEEE 15288.2-2014, "IEEE Standard for Technical Reviews and Audits on Defense Programs," was issued May 15, 2015 and adopted for use by the DoD on June 5, 2015. This standard establishes requirements for technical reviews and audits to be performed throughout the acquisition life cycle for DoD programs. It provides the definition, description, and intent, as well as the entry/exit/success criteria, for each technical review and audit. This standard is available for purchase from the IEEE Standards Store (http://www.techstreet.com/ieee). DoD employees with a CAC may access this document through ASSIST (https://assist.dla.mil/) without charge.
- SAE AS6500, "Manufacturing Management Program," was issued November 11, 2014, and adopted for use by DoD on January 20, 2015. This standard replaces MIL-STD 1528A and governs the implementation of best practices for the management of manufacturing operations. It is applicable to all phases of the system acquisition life cycle and is intended for use on all programs with manufacturing content. This standard is available for purchase from SAE International (http://www.sae.org).
- EIA 649_1, "Configuration Management Requirements for Defense Contracts," was issued November 20, 2014, and adopted for use by the DoD on March 4, 2015. It implements configuration management requirements for defense contracts based on the requirements in EIA-649-B, "Configuration Management Standard," also adopted for use by DoD on March 4. These documents are available for purchase from SAE International (http://www.sae.org).
For more information on DoD adoption of standards, visit ASSIST (https://assist.dla.mil/), the official source for specifications and standards used by the Department of Defense. For additional information about DoD’s efforts to leverage voluntary consensus standards to meet the needs of the engineering community, contact DASD(SE) with questions and comments.
The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the Under Secretary of Defense for Intelligence, released an update to Department of Defense Instruction 5200.39, Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation (RDT&E). Highlights include:
- U.S. warfighter technological advantage will be maintained and operational effectiveness of DoD capabilities will be preserved through the identification and protection of CPI.
- CPI will be identified early and reassessed throughout the RDT&E program so that CPI protections requirements and countermeasures may be identified and applied as the CPI is developed and modified throughout the lifecycle as needed.
- CPI will be horizontally identified and protected to ensure equivalent protections are consistently and efficiently applied across programs based on the exposure of the system, consequence of CPI compromise, and assessed threats. Protections will, at a minimum, include anti-tamper, exportability features, security (cybersecurity, industrial security, information security, operations security, personnel security, and physical security), or equivalent countermeasures.
- CPI protection measures will be integrated and synchronized, then documented within the Program Protection Plan (PPP).
- The original classification authority with program and supervisory responsibility for the CPI will conduct a review to make a determination of classification for vulnerabilities.
DASD(SE) Releases 2015 System of Systems Webinar Schedule (Posted April 2015)
The Office of the Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) announces lineup for the 2015 System of Systems Engineering Collaborators Information Exchange (SoSECIE) webinars, co-sponsored with the National Defense Industrial Association Systems Engineering Division. These webinars bring together those in the DoD community (military, government, industry, and academia) interested in advancing systems engineering for systems of systems.
The Office of the Deputy Assistant Secretary of Defense for Systems Engineering has released “Guidance to Requiring Activities for Implementing Defense Federal Acquisition Regulation Supplement Clause 252.204-7012 (Safeguarding Unclassified Controlled Technical Information).”
This guidance will assist Requiring Activities to carry out their responsibilities should a defense contractor report a compromise on a contract that contains unclassified CTI. The guidance contains the main Requiring Activity responsibilities with regard to the DFARS clause, instructions for media submission, and answers to frequently asked questions.
The Defense Procurement and Acquisition Policy (DPAP) office within the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics published the DFARS clause in November 2013. When included in a DoD contract, the clause requires a company to report to the Department the possible exfiltration, manipulation, or other loss or compromise of unclassified CTI; or other activities that allow unauthorized access to the contractor’s unclassified information system on which unclassified CTI is resident or transiting.
In addition, in December 2014 DPAP published a revision to DFARS Subpart 204.73 to add references to the Procedures, Guidance, and Information to assist contracting officers in implementing the clause.