[ISN] DOD preps security directions

From: InfoSec News (isnat_private)
Date: Thu Jan 23 2003 - 03:22:43 PST

  • Next message: InfoSec News: "[ISN] Security UPDATE, January 22, 2003"

    By Dan Caterinicchia 
    Jan. 23, 2003
    A forthcoming Pentagon directive will shed light on how Defense 
    Department organizations are expected to ensure information is stored 
    on DOD systems adequately.
    The Pentagon initially issued a directive last October that gave a 
    basic framework for providing information assurance (IA). DOD 
    Directive 8500.1, which became effective Oct. 24, 2002, calls for 
    information assurance requirements to be identified and included in 
    the design, acquisition, installation, operation, upgrade and 
    replacement of all DOD information systems. 
    DOD Directive 8500.2 will provide more detailed instructions on how to 
    carry the preceding policy and how it will be enforced.
    The policy is expected to be delivered Jan. 23 to John Stenbit, the 
    assistant secretary of Defense for command, control communications and 
    intelligence (ASD/C3I) and DOD chief information officer, said Donald 
    Jones, a member of the ASD/C3I IA directorate, adding that "with a 
    little bit of luck, [8500.2] will be signed within one week."
    Directive 8500.1 calls for all DOD components to follow the 
    "defense-in-depth" approach to information security, which relies on 
    proper operational procedures in conjunction with technologies, such 
    as encryption and firewalls, to provide layered protection to all 
    computers and networks.
    The guidance also addresses supporting IA infrastructures that provide 
    capabilities, such as public-key management and incident detection and 
    response, according to a DOD spokesperson.
    "The guidance was developed largely in response to changing security 
    needs brought about by the DOD's growing dependence on interconnected 
    information systems, particularly desktop computer networks, and 
    increased concern about the protection of unclassified but sensitive 
    information," the spokesperson said.
    Jones said Directive 8500.1 lays out the policies and Directive 8500.2 
    will detail how to "enforce and implement those policies." He added 
    that the DOD community has been receptive to the new IA directive and 
    feedback has been positive, but everyone is anxiously awaiting the 
    "The big issue has been to get the instructions out," Jones said. 
    "They can't implement the policies in 8500.1 until they get 8500.2…but 
    that requires careful coordination" on many levels.
    Directive 8500.2 also includes instructions on establishing detailed 
    controls on the availability and integrity of DOD Web sites that post 
    publicly releasable information, Jones said. 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 06:22:06 PST