[ISN] Army prepping IA policy

From: InfoSec News (isnat_private)
Date: Mon Jun 09 2003 - 22:22:15 PDT

  • Next message: InfoSec News: "[ISN] Cryptography at the core of sound IT security"

    http://www.fcw.com/fcw/articles/2003/0609/web-armyia-06-09-03.asp
    
    By Dan Caterinicchia 
    June 9, 2003 
    
    The Army is preparing an information assurance (IA) policy that will
    guide the way the service implements a Defense Department IA
    directive.
    
    An enterprise information assurance policy is one of three key pillars
    needed to support the Army Knowledge Management (AKM) imperatives of
    defending networks, supporting the Objective Force and lowering the
    total cost of information technology ownership, said Robert Ringdahl,
    chief integration officer at Network Enterprise Technology Command's
    Enterprise Systems Technology Activity.
    
    The Army policy is in draft form and should be ready for release by
    September, Ringdahl said during a June 5 speech at the Army Small
    Computer Program's IT conference.
    
    "It will be the Army's implementation policy of [DOD's 8500.1]
    directive," he told Federal Computer Week.
    
    Directive 8500.1 was issued in late October 2002 and calls for Defense
    agencies to protect data as it is shared across the Global Information
    Grid. Furthermore, DOD Instruction 8500.2, dated Feb. 6, sets forth
    the way that rules and policies in the directive are implemented. The
    instruction is designed to ensure that information awareness training
    and education are provided to all military and civilian personnel,
    specific to their responsibilities for developing, using and
    maintaining DOD information systems.
    
    Col. Ted Dmuchowski, director of information assurance at the Network
    Enterprise Technology Command, said the new Army policy is really an
    updated information assurance regulation that will align and
    consolidate the service's information assurance goals and objectives
    to support DOD Directive 8500.1 and Instruction 8500.2.
    
    "The policy will reduce the manageability requirements of information
    systems, minimize the effects of unauthorized access or loss, and
    increase the effectiveness of IA integration as part of the life cycle
    of all information systems, Dmuchowski said.
    
    He noted that the "cornerstone philosophy of Army information
    assurance" is to:
    
    * Design, implement and secure accesses, data, systems and
      repositories.
    
    * Increase trust and trusted relationships.
    
    * Employ technical and operational security mechanisms.
    
    * Deny all unauthorized accesses.
    
    * Permit necessary exceptions to support Army, DOD, and Joint
      interagency and multinational tactical and sustaining-base
      operations.
    
    In addition to creating the Army's information assurance policy,
    Ringdahl said the service must deal with two other key pillars to
    support its AKM imperatives: the role of reimbursable funding vs. cost
    funding, and the role of Microsoft Corp. -- which appears to be
    clearer with the May 30 award of an enterprise software agreement.
    
    The funding question is "evolving and [is] a topic of intense
    discussion" among the Army's IT leaders, he said, adding that
    decisions must be made whether reimbursements will be done at the
    individual user or major command level.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jun 09 2003 - 23:58:02 PDT