Army prepping IA policy

The Army is moving a step closer to implementing a new information assurance policy as the service meshes its own policies with the Defense Department's directive.

The enterprise information assurance (IA) policy is one of the key pillars needed to support the Army Knowledge Management goals of defending networks, supporting the Objective Force and lowering the overall cost of technology, said Robert Ringdahl, chief integration officer at Network Enterprise Technology Command's Enterprise Systems Technology Activity.

The Army policy is in draft form and should be ready for release this fall, Ringdahl said during a June 5 speech at the Army Small Computer Program's Information Technology conference in Fort Lauderdale, Fla.

"It will be the Army's implementation policy of [DOD's 8500.1] directive," he told Federal Computer Week.

DOD's Directive 8500.1 was issued in October 2002 and instructs DOD agencies to protect data when it is shared across the Global Information Grid. Furthermore, DOD Instruction 8500.2, issued Feb. 6, sets forth the way that rules and policies in the directive are implemented. The document is designed to ensure that information-awareness training and education are provided to all military and civilian personnel in ways specific to their responsibilities for developing, using and maintaining DOD information systems.

"It's a long-standing practice that when DOD issues instructions, each service [then] does their own instructions," said Loren Thompson, a defense analyst at the Lexington Institute, an Arlington, Va., think tank. "This has less to do with information assurance than it does with military culture."

Thompson said securing the service's networks is critical to DOD's warfighting mission because the services could not function without access to timely, relevant data. "The fastest way to get the Army to do something is to issue their own policy." The Army and other armed forces could not have issued their internal IA policies prior to the DOD directive and instructions because they would have risked their guidance being incompatible with the departmentwide vision, he said.

Col. Ted Dmuchowski, director of IA at Netcom, said the new Army policy is really an updated regulation that will align and consolidate the service's IA goals and objectives to support DOD Directive 8500.1 and Instruction 8500.2.


Security philosophy

Col. Ted Dmuchowski, director of information assurance at the Network Enterprise Technology Command, noted that the "cornerstone philosophy of Army information assurance" is to:

* Design, implement and secure access, data, systems and repositories.

* Increase trust and improve trusted relationships.

* Employ technical and operational security mechanisms.

* Deny all unauthorized access.

* Permit necessary exceptions to support Army, Defense Department, and joint interagency and multinational tactical and base operations.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.