[ISN] DOD issues more IA instructions

From: InfoSec News (isnat_private)
Date: Thu Feb 27 2003 - 22:52:31 PST

    By Matthew French 
    Feb. 27, 2003

    The Pentagon recently issued the second part of its information 
    assurance (IA) policy that sets guidelines on using Defense Department 

    DOD Instruction 8500.2 sets forth implementation of the rules and 
    policies in Directive 8500.1, which was issued in late October 2002.

    The directive calls for the different agencies within DOD to protect 
    its data as it is shared across the Global Information Grid (GIG). 

    Instruction 8500.2, dated Feb. 6, "implements policy, assigns 
    responsibilities, and prescribes procedures for applying integrated, 
    layered protection of the DOD information systems and networks."

    "The Department of Defense has a crucial responsibility to protect and 
    defend its information and supporting information technology," the 
    8500.2 policy states. "Factors that contribute to its vulnerability 
    include increased reliance on commercial [IT] and services; increased 
    complexity and risk propagation through interconnection; the extremely 
    rapid pace of technological change; a distributed and nonstandard 
    management structure; and the relatively low cost of entry for 

    Donald Jones, a member of the IA Directorate for the Office of the 
    Assistant Secretary of Defense for Command, Control, Communications 
    and Intelligence, said 8500.2 offers the different parts of DOD the 
    guidance necessary to implement the rule in 8500.1.

    DOD Directive 8500.1 makes it departmentwide policy for IA 
    requirements to be identified and included in the design, acquisition, 
    installation, operation, upgrade and replacement of all DOD 
    information systems. 

    "The guidance [8500.1] was developed largely in response to changing 
    security needs brought about by DOD's growing dependence on 
    interconnected information systems, particularly desktop computer 
    networks, and increased concern about the protection of unclassified 
    but sensitive information," according to a DOD spokesperson.

    8500.2 indicates the Defense IA program is predicated upon five 
    essential competencies that ensure a successful risk management 
    program, which include:

    * The ability to assess security needs and capabilities.
    * The ability to develop a purposeful security design or configuration 
      that adheres to a common architecture and maximizes the use of 
      common services.
    * The ability to implement required controls or safeguards.
    * The ability to test and verify.
    * The ability to manage changes to an established baseline securely.