Army prepping IA policy

The Army is preparing an information assurance (IA) policy that will guide the way the service implements a Defense Department IA directive.

An enterprise information assurance policy is one of three key pillars needed to support the Army Knowledge Management (AKM) imperatives of defending networks, supporting the Objective Force and lowering the total cost of information technology ownership, said Robert Ringdahl, chief integration officer at Network Enterprise Technology Command's Enterprise Systems Technology Activity.

The Army policy is in draft form and should be ready for release by September, Ringdahl said during a June 5 speech at the Army Small Computer Program's IT conference.

"It will be the Army's implementation policy of [DOD's 8500.1] directive," he told Federal Computer Week.

Directive 8500.1 was issued in late October 2002 and calls for Defense agencies to protect data as it is shared across the Global Information Grid. Furthermore, DOD Instruction 8500.2, dated Feb. 6, sets forth the way that rules and policies in the directive are implemented. The instruction is designed to ensure that information awareness training and education are provided to all military and civilian personnel, specific to their responsibilities for developing, using and maintaining DOD information systems.

Col. Ted Dmuchowski, director of information assurance at the Network Enterprise Technology Command, said the new Army policy is really an updated information assurance regulation that will align and consolidate the service's information assurance goals and objectives to support DOD Directive 8500.1 and Instruction 8500.2.

"The policy will reduce the manageability requirements of information systems, minimize the effects of unauthorized access or loss, and increase the effectiveness of IA integration as part of the life cycle of all information systems, Dmuchowski said.

He noted that the "cornerstone philosophy of Army information assurance" is to:

* Design, implement and secure accesses, data, systems and repositories.

* Increase trust and trusted relationships.

* Employ technical and operational security mechanisms.

* Deny all unauthorized accesses.

* Permit necessary exceptions to support Army, DOD, and Joint interagency and multinational tactical and sustaining-base operations.

In addition to creating the Army's information assurance policy, Ringdahl said the service must deal with two other key pillars to support its AKM imperatives: the role of reimbursable funding vs. cost funding, and the role of Microsoft Corp. — which appears to be clearer with the May 30 award of an enterprise software agreement.

The funding question is "evolving and [is] a topic of intense discussion" among the Army's IT leaders, he said, adding that decisions must be made whether reimbursements will be done at the individual user or major command level.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.