Initiatives

Stay Informed

Keep up-to-date on all the latest DISA news and events by subscribing to DISA's email subscription service.

Subscribe ▸

JOINT REGIONAL SECURITY STACKS (JRSS)

Overview

  • DISA is partnering with the U.S. Army and Air Force to fundamentally change the way the Department of Defense secures and protects its information networks by deploying joint regional security stacks (JRSS).
  • A joint regional security stack is a suite of equipment that performs firewall functions, intrusion detection and prevention, enterprise management, virtual routing and forwarding (VRF), and provides a host of network security capabilities.
  • By deploying JRSS, security of the network is centralized into regional architectures instead of locally distributed architectures at each military base, post, camp, or station (B/P/C/S).
  • Each physical stack is comprised of racks of equipment which enable big data analytics, allowing DoD components to intake large sets of data to the cloud and provide the platforms for processing data, as well as the mechanism to help analysts make sense of the data.
  • The Army has funded DISA to upgrade their continental United States and U.S. Central Command infrastructures with the intent for DISA to centralize the Army's existing perimeter security infrastructure from hundreds of local security stacks into a JRSS construct. The Air Force will also use the JRSS construct to protect its infrastructure.
  • DISA is the designated approving authority and certification authority for multiprotocol label switching (MPLS)/JRSS equipment. MPLS is part of a modernization effort to upgrade the bandwidth capacity of the Defense Information Systems Network (DISN). It is also the industry‐standard, JRSS‐enabling technology that speeds and manages network traffic flow. (More information on reverse).
  • JRSS allows information traversing DoD networks to be continuously monitored to ensure response time as well as throughput and performance standards. JRSS includes failover, diversity, and elimination of critical failure points as a means to assure timely delivery of critical information.

  • JRSS offers increased visualization into the network.  Deploying JRSS enables the department to inspect data, retrieve threat and malware data on the network and troubleshoot, and then patch, protect, and defend the network.
  • JRSS will improve the effectiveness and efficiency of the network by ensuring that there is sufficient capacity to support the transition of services and capabilities from being hosted locally by the military departments.
  • JRSS will support the concepts of the Joint Information Environment (JIE):
    • Reducing duplication of security standards.
    • Flattening security and elevating security policy to the enterprise level.

Transitioning to the JIE Single Security Architecture (SSA) will increase operational effectiveness, achieve cost efficiencies, and enhance the cyber security posture of the Defense Department.

Installation is in progress at ten of the eleven JRSS sites planned in the continental United States (CONUS) and five sites planned outside CONUS (OCONUS).
DISA is working to:

  • Complete the ongoing installation of infrastructure to support MPLS and JRSS deployments for the locations already planned.
  • Coordinate with the military services and other DoD components to identify the resources for continuous implementation and deployment.
  • Migrate security services to JRSS in locations where installations are complete.

  • JRSS is part of a larger modernization effort to upgrade the bandwidth capacity of the Defense Information Systems Network (DISN) by implementing multiprotocol label switching (MPLS).
  • MPLS is the technology that speeds up network traffic flow, making it easier to manage by setting up a specific path for a given sequence of data packets, which are identified by a label placed in each packet.  This process saves the time needed for a router to look up the address to the next node, or connection point, to forward the data to.
  • An MPLS-upgraded network allows for more capacity and eliminates the latency issues that drive the military services to co-locate security stacks with installations.
  • Although JRSS will collapse local security stacks into centrally-managed, regional security stacks, the military services are able to control and manage their service-specific networks and maintain current command and control structures through the virtual routing and forwarding (VRF) technology offered by MPLS.
  • When combined with JRSS, the VRF technology intrinsic to MPLS provides the ability to support communities of interest, separate applications, and coalitions on a single network.  The way that the virtual firewalls are configured allows networks to be collapsed and use one security stack and yet maintain the integrity of the information being captured within that network.

  • Joint Regional Security Stack (JRSS) familiarization training is available on the Information Assurance Support Environment (IASE) portal. This training is focused on tools and devices and is intended for use by JRSS team members during the deployment and operationalization of the security stacks. URL: https://disa.deps.mil/ext/cop/iase/jrss/Pages/index.aspx

  • The Joint Information Environment (JIE) / Joint Regional Security Stacks (JRSS) Virtual Training Environment (VTE) will be established within the DISA Cybersecurity Range in Stafford, Virginia in the near future.  The VTE will provide increased capacity to train cybersecurity professionals on the knowledge, skills, and abilities required to fill JIE and JRSS cyber roles, and on individual tools and devices within the JIE and JRSS architectures.  The VTE will accommodate training from individually-focused traditional classroom/lab instruction; to virtual network distance training with connectivity to site-to-site or individual client remote locations; to training integrated with larger DoD and coalition cyber training exercises.

  • Role-based training for individuals and teams is currently in development.