DOD preps guidance

Forthcoming Pentagon instructions will shed light on how Defense Department organizations are expected to ensure that information is adequately protected on DOD systems.

The document is the second part of an effort to establish a formal information assurance (IA) policy to protect DOD information stored on systems departmentwide from unauthorized users.

The Pentagon issued a directive last October that provided a basic framework for protecting information. DOD Directive 8500.1, which took effect Oct. 24, 2002, asks the services to identify IA requirements and include them in the design, acquisition, installation, operation, upgrade and replacement of all DOD information systems.

DOD 8500.2 will provide detailed instructions on how to carry out that policy and how it will be enforced.

Last week, the instructions were delivered to John Stenbit, DOD chief information officer and assistant secretary of Defense for command, control communications and intelligence (ASD/C3I), said Donald Jones, a member of the ASD/C3I IA directorate. "With a little bit of luck, 8500.2 will be signed sometime this week," he said.

Directive 8500.1 calls for all DOD components to follow the "defense-in-depth" approach to information security, which relies on proper operational procedures and technologies such as encryption and firewalls to provide layered protection to all computers and networks.

The guidance also addresses supporting IA infrastructures that provide capabilities such as public-key management and incident detection and response, according to a DOD spokesperson.

"The guidance was developed largely in response to changing security needs brought about by DOD's growing dependence on interconnected information systems, particularly desktop computer networks, and increased concern about the protection of unclassified but sensitive information," the spokesperson said.

Jones said Directive 8500.1 lays out the policies, and the instructions in 8500.2 will detail how to "enforce and implement those policies." He added that the DOD community has been receptive to the new IA directive and feedback has been positive, but everyone is anxiously awaiting the instructions.

"The big issue has been to get the instructions out," Jones said. "They can't implement the policies in 8500.1 until they get 8500.2...but that requires careful coordination" on many levels.

Defense Secretary Donald Rumsfeld issued a memo earlier this month with the subject "Web Site OPSEC [operations security] discrepancies," stating that DOD needs to do a better job reviewing and removing data from public Web sites that adversaries could use to attack the United States.

The 8500.2 instructions also include guidance on establishing detailed controls on the availability and integrity of DOD Web sites that post information that can be publicly released, Jones said.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.