Army prepping IA policy

The Army is moving a step closer to implementing a new information assurance policy as the service meshes its own policies with the Defense Department's directive.

The enterprise information assurance (IA) policy is one of the key pillars needed to support the Army Knowledge Management goals of defending networks, supporting the Objective Force and lowering the overall cost of technology, said Robert Ringdahl, chief integration officer at Network Enterprise Technology Command's Enterprise Systems Technology Activity.

The Army policy is in draft form and should be ready for release this fall, Ringdahl said during a June 5 speech at the Army Small Computer Program's Information Technology conference in Fort Lauderdale, Fla.

"It will be the Army's implementation policy of [DOD's 8500.1] directive," he told Federal Computer Week.

DOD's Directive 8500.1 was issued in October 2002 and instructs DOD agencies to protect data when it is shared across the Global Information Grid. Furthermore, DOD Instruction 8500.2, issued Feb. 6, sets forth the way that rules and policies in the directive are implemented. The document is designed to ensure that information-awareness training and education are provided to all military and civilian personnel in ways specific to their responsibilities for developing, using and maintaining DOD information systems.

"It's a long-standing practice that when DOD issues instructions, each service [then] does their own instructions," said Loren Thompson, a defense analyst at the Lexington Institute, an Arlington, Va., think tank. "This has less to do with information assurance than it does with military culture."

Thompson said securing the service's networks is critical to DOD's warfighting mission because the services could not function without access to timely, relevant data. "The fastest way to get the Army to do something is to issue their own policy." The Army and other armed forces could not have issued their internal IA policies prior to the DOD directive and instructions because they would have risked their guidance being incompatible with the departmentwide vision, he said.

Col. Ted Dmuchowski, director of IA at Netcom, said the new Army policy is really an updated regulation that will align and consolidate the service's IA goals and objectives to support DOD Directive 8500.1 and Instruction 8500.2.

***

Security philosophy

Col. Ted Dmuchowski, director of information assurance at the Network Enterprise Technology Command, noted that the "cornerstone philosophy of Army information assurance" is to:

* Design, implement and secure access, data, systems and repositories.

* Increase trust and improve trusted relationships.

* Employ technical and operational security mechanisms.

* Deny all unauthorized access.

* Permit necessary exceptions to support Army, Defense Department, and joint interagency and multinational tactical and base operations.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.