System vulnerability is defined to be the intersection of a system susceptibility or flaw, access to the flaw, and the capability to exploit the flaw. Implementation of the ATSPI Three Tenets reduces vulnerabilities by reducing any or all of these areas.

System Susceptibility - The capacity of a system to be affected by a threat is reduced by the application of Tenet 1.

Access to the flaw - The ability of a threat to gain access to a system, either physically or logically (e.g. over the network) is mitigated by the application of Tenet 2.

Capability to exploit the flaw - The ability of the threat to employ the knowledge and tools necessary to exploit the system to achieve the desired goal is reduced by the application of Tenet 3.


Faithful adherence to the ATSPI Tenets will produce IT security systems that provide superior mitigation of nation-state class threats while being compatible with DoD IT systems deployed across the enterprise

SPI security products adhere to the ATSPI Three Tenets:

Tenet 1 - Focus on what's critical (shrinks susceptibility)

• Enumerate system access points and associated security elements
• Reduce access points to only those necessary to accomplish the mission

Tenet 2 - Move it 'Out of Band' (restricts threat access)

• Make critical access points and associated security elements less accessible to adversary

Tenet 3 - Detect, React, Adapt (deny threat capability)

• Impose appropriate penalties when attack is detected
• Reaction occurs inside threat's OODA loop
• Fight through the attack!

Program Approach: Next>>

Related Sites:

Air Force Research Laboratory

DoD Anti-Tamper Program

High Performance Computing Modernization Program

Director, Defense Research & Engineering

24th AF