DOD reinforces info assurance

The Defense Department issued a proposed rule today that would amend the Defense Federal Acquisition Regulations Supplement (DFARS) to address information assurance requirements in the acquisition of information technology.

The rule will formally implement the information assurance policy issued in January 2000 by the National Security Telecommunications and Information Systems Security Committee. The policy states that information assurance should be considered as a requirement for all systems used to enter, process, store, display or transmit national security information.

The Pentagon recently issued a two-part information assurance policy that sets guidelines on using DOD networks. DOD Instruction 8500.2 sets forth implementation of the rules and policies in Directive 8500.1, which was issued in late October 2002.

The directive calls for the different agencies within DOD to protect data as it is shared across the Global Information Grid. Instruction 8500.2, dated Feb. 6, is designed to ensure that information awareness training and education are provided to all military and civilian personnel, specific to their responsibilities for developing, using and maintaining DOD information systems.

"The Department of Defense has a crucial responsibility to protect and defend its information and supporting information technology," the 8500.2 policy states. "Factors that contribute to its vulnerability include increased reliance on commercial [IT] and services; increased complexity and risk propagation through interconnection; the extremely rapid pace of technological change; a distributed and nonstandard management structure; and the relatively low cost of entry for adversaries."

The proposed DFARS amendment, which was posted on the Federal Register May 23, includes a request for comments through July 22. Interested parties, including small businesses, can submit comments directly online at: http://emissary.acq.osd.mil/dar/dfars.nsf/pubcomm.