Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] DOD issues more information assurance instructions,

DOD issues more IA instructions

By Matthew French 
Feb. 27, 2003

The Pentagon recently issued the second part of its information 
assurance (IA) policy that sets guidelines on using Defense Department 

DOD Instruction 8500.2 sets forth implementation of the rules and 
policies in Directive 8500.1, which was issued in late October 2002.

The directive calls for the different agencies within DOD to protect 
its data as it is shared across the Global Information Grid (GIG). 
Instruction 8500.2, dated Feb. 6, "implements policy, assigns 
responsibilities, and prescribes procedures for applying integrated, 
layered protection of the DOD information systems and networks."

"The Department of Defense has a crucial responsibility to protect and 
defend its information and supporting information technology," the 
8500.2 policy states. "Factors that contribute to its vulnerability 
include increased reliance on commercial [IT] and services; increased 
complexity and risk propagation through interconnection; the extremely 
rapid pace of technological change; a distributed and nonstandard 
management structure; and the relatively low cost of entry for 

Donald Jones, a member of the IA Directorate for the Office of the 
Assistant Secretary of Defense for Command, Control, Communications 
and Intelligence, said 8500.2 offers the different parts of DOD the 
guidance necessary to implement the rule in 8500.1.

DOD Directive 8500.1 makes it departmentwide policy for IA 
requirements to be identified and included in the design, acquisition, 
installation, operation, upgrade and replacement of all DOD 
information systems. 

"The guidance [8500.1] was developed largely in response to changing 
security needs brought about by DOD's growing dependence on 
interconnected information systems, particularly desktop computer 
networks, and increased concern about the protection of unclassified 
but sensitive information," according to a DOD spokesperson.

8500.2 indicates the Defense IA program is predicated upon five 
essential competencies that ensure a successful risk management 
program, which include:

* The ability to assess security needs and capabilities.

* The ability to develop a purposeful security design or configuration 
  that adheres to a common architecture and maximizes the use of 
  common services.

* The ability to implement required controls or safeguards.

* The ability to test and verify.

* The ability to manage changes to an established baseline securely.

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.