DOD plans information assurance policy

A comprehensive information assurance architecture should be in place about a year from now, the director of information assurance for the Defense Department said today.

The department has long been pursuing an architecture that it can point to as a model for how problems associated with information assurance can be overcome. Toward that goal, the department will issue four documents in the next four months, said Robert Lentz, DOD's director of information assurance.

"The information assurance architecture is clearly the most important thing we're working on right now," Lentz said. "And these four policy documents will play a very important role in bringing that architecture into being."

The first two, due in a matter of weeks, will be for wireless and what he termed "ports and protocol." The other two policy areas — certification and accreditation and education and training — will follow by early January.

"Wireless is something we've been working on for some time now," Lentz said, speaking this morning at the E-Gov Information Assurance conference. "It's almost ready to go. Ports and protocol should be out in the next six to eight weeks as well."

Ports and protocol represents a fundamental change in thinking about DOD's Computer Network Defense, replacing the philosophy of "deny by exception" with "permit by exception," according to Defense documents.

Perhaps the trickiest policy to be developed so far, Lentz said, is for education and training. While certification and accreditation deals with networks, education and training deals with people.

"We've never done a personnel-oriented policy in information assurance before," he said.

Lentz and his boss, DOD chief information officer John Stenbit, have asserted that the largest security hole in the department's information assurance battle is the people connected to the network. Defense networks have been crippled not necessarily because of malicious intent, but because personnel either weren't trained properly or ignored safety protocols.


  • innovation (Sergey Nivens/

    VA embraces procurement challenges at scale

    Steve Kelman applauds the Department of Veterans Affairs' ambitious attempt to move beyond one-off prize-based contests to combat veteran suicides more effectively.

  • big data AI health data

    Where did the ideas for shutdowns and social distancing come from?

    Steve Kelman offers another story about hero civil servants (and a good president).

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.