DOD preps security instructions

Forthcoming Pentagon instructions will shed light on how Defense Department organizations are expected to ensure information is stored on DOD systems adequately.

The Pentagon initially issued a directive last October that gave a basic framework for providing information assurance (IA). DOD Directive 8500.1, which became effective Oct. 24, 2002, calls for information assurance requirements to be identified and included in the design, acquisition, installation, operation, upgrade and replacement of all DOD information systems.

DOD 8500.2 will provide more detailed instructions on how to carry the preceding policy and how it will be enforced.

The policy is expected to be delivered Jan. 23 to John Stenbit, the assistant secretary of Defense for command, control communications and intelligence (ASD/C3I) and DOD chief information officer, said Donald Jones, a member of the ASD/C3I IA directorate, adding that "with a little bit of luck, [8500.2] will be signed within one week."

Directive 8500.1 calls for all DOD components to follow the "defense-in-depth" approach to information security, which relies on proper operational procedures in conjunction with technologies, such as encryption and firewalls, to provide layered protection to all computers and networks.

The guidance also addresses supporting IA infrastructures that provide capabilities, such as public-key management and incident detection and response, according to a DOD spokesperson.

"The guidance was developed largely in response to changing security needs brought about by the DOD's growing dependence on interconnected information systems, particularly desktop computer networks, and increased concern about the protection of unclassified but sensitive information," the spokesperson said.

Jones said Directive 8500.1 lays out the policies and the instructions in 8500.2 will detail how to "enforce and implement those policies." He added that the DOD community has been receptive to the new IA directive and feedback has been positive, but everyone is anxiously awaiting the instructions.

"The big issue has been to get the instructions out," Jones said. "They can't implement the policies in 8500.1 until they get 8500.2...but that requires careful coordination" on many levels.

The 8500.2 instructions also include guidance on establishing detailed controls on the availability and integrity of DOD Web sites that post publicly releasable information, Jones said.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.