Document |
Description |
Last
Modified |
Executive
Orders |
|
|
E.O. Library |
Executive
Orders Home Page |
Various |
E.O.12333 |
U.S.
National Archives and Records Administration |
Dec
04, 1981 |
E.O.12958 |
Classified
National Security Information |
April
20, 1995 |
E.O.13103 |
Computer
Software Piracy |
Sept
30, 1998 |
E.O.13130 |
National
Infrastructure Assurance Council |
July
14, 1999 |
E.O.13231 |
Critical
Infrastructure Protection in the Information Age |
Oct
18, 2001 |
E.O.13284 |
The
Establishment of the Department of Homeland Security, dated January
28, 2003 |
Jan
28, 2003 |
Executive Order |
Strengthening
the Sharing of Terrorism Information to Protect Americans |
Aug
27, 2004 |
Executive
Order |
National
Counterterrorism Center |
Aug
27, 2004 |
Executive
Order |
Strengthened
Management of the Intelligence Community |
Aug
27, 2004 |
National Security Directives |
|
|
NSD - 1989 - 1993 |
National
Security Directives |
1989
- 1993 |
NSDD - Reagan |
National
Security Decision Directives Library |
1981
- 1989 |
White
House |
|
|
National
Strategy on Homeland Security |
Homeland
Security |
July
2002 |
Senate |
|
|
GISA |
Government
Information Security Act of 2000 |
May
10, 2000 |
Privacy Law |
Lawmakers
Roll Out Another Privacy Bill |
Jan
20, 2001 |
U.S. Congress' Cyber
Security Act of 2000 |
Security
Act of 2000 |
April
12, 2000 |
S-1999 |
S.1993
- To Reform Government Information Security by Strengthening Information
Security Practices Throughout the Federal Government |
Mar
28, 2001 |
House
of Representatives |
|
|
House of Representatives
Bill: Introduction of the Cyber Security Information Act of 2000 |
The
Cyber Security Information Act of 2000 |
April
12, 2000 |
H.R.
1259 |
Computer
Security Enhancement Act of 2001 |
Mar
28, 2001 |
H.R. 2281
|
Digital Millennium Copyright Act (DCMA) |
Oct
28, 1998 |
H.R. 2458-48 |
Federal
Information Security Management Act of 2002 (Title III of E-Gov) |
Jan
23, 2002 |
Homeland Security |
|
|
Hspd-7 |
17
Dec 2003 Homeland Security Presidential Directive.
Subject: Critical Infrastructure Identification, Prioritization,
and Protection. |
Dec
17, 2003 |
Office of Management and Budget Circulars |
|
|
OMB 123 |
Management
Accountability and Control |
June
21, 1995 |
OMB A130
Transmittal Number 4 |
Management
of Federal Information Resources |
Jan
28, 2000 |
OMB Circulars |
Link
to OMB Web Site OMB - Circulars in Numerical Sequence
| Various
|
Privacy Policies on
Federal Web Sites |
Office
of Management and Budget Privacy Policies (M-99-18) |
June
02, 1999 |
Privacy Policies and
Data Collection on Federal Web Sites |
Office
of Management and Budget Privacy Policies and Data Collection
(M-00-13) |
June
22, 2000 |
M-01-05 |
Guidance
on Inter-Agency Sharing of Personal Data-Protecting Personal Privacy |
Dec
20, 2000 |
M-01-24 |
Reporting
Instructions for the Government Information Security Reform Act |
June
22, 2001 |
M-02-01 |
Guidance
for Preparing and Submitting Security Plans of Action and Milestones |
Oct
17, 2001 |
Federal Information Processing Standards Publications |
|
|
FIPS 46-3 |
Data
Encryption Standard (DES); specifies the use of Triple DES |
Oct
25, 1999 |
FIPS
102 |
Guidelines
for Computer Security Certification and Accreditation |
Various |
FIPS 140-2 |
Security
Requirements for Cryptographic Modules |
Jan
11, 1994 |
FIPS 197 |
Advanced
Encryption Standard (AES) |
Nov
26, 2001 |
FIPS
198 |
The
Keyed-Hash Message Authentication Code (HMAC) |
April
02, 2002 |
Public Law |
|
|
FISMA
Act of 2002 |
Federal
Information Management Act (FISMA) of 2002 |
Various |
Public Law 93-579 |
Privacy
Act of 1974 |
May
2002 |
Public Law
99-474 |
Computer
Fraud and Abuse Act of 1986 |
1996 |
Public Law 100-235 |
Computer
Security Act of 1987 |
June
11, 1987 |
Public
Law 106-344 |
Title
10. Armed Forces
Subtitle A. General Military Law
Part IV. Service, Supply, and Procurement
Chapter 131. Planning and Coordination
| Oct
20, 2000
|
Department of Defense (DoD) Level Policy References |
|
|
Secretary
of Defense Message to DoD |
Web
site OPSEC Discrepancies |
Jan
14, 2003 |
Washington Headquarters Services |
DoD
Directives and Records Branch |
Various |
Common
Access Card (CAC) Memorandum |
Smart
Card Adoption and Implementation, dated November 10, 1999 |
Nov
10, 1999 |
Open Source Software (OSS) in
the Department of Defense (DoD) Memorandum
| Open
Source Software in the Department of Defense (DoD) Memorandum,
dated May 28 2003 |
May
28, 2003 |
DoD Telework Policy |
DoD Telework
Policy |
Undated |
DoD Telework Guidance |
DoD Telework
Guidance |
Undated |
Compliance with
DoD Web Site Administration Policy |
DoD
Internet Practices and Policies |
May
31, 2001 |
Destruction
of DoD Computer Hard Drives Prior to Disposal |
Destruction
of DoD Computer Hard Drives Prior to Disposal Memorandum
by Deputy Secretary of Defense dated January 8, 2001 |
Jan
08, 2001 |
Disposition
of Unclassified DoD Computer Hard Drives |
Disposition
of Unclassified DoD Computer Hard Drives Memorandum by Assistant
Secretary of Defense dated June 4, 2001 |
June
04, 2001 |
DoD
Instruction 4630.8 |
Procedures
for Interoperability and Supportability of Information Technology
(IT) and National Security Systems (NSS) |
June
30, 2004 |
DoDI 5120.4 |
Electronic
Newspaper Policy |
May
29, 1996 |
DoDD 5200.1 |
DoD
Information Security Program. |
Dec
13, 1996 |
DoDD 5200.2 |
DoD
Personnel Security Program. |
April
09, 1999 |
DoDI
5200.40 |
DoD
Information Technology Security Certification and Accreditation
Process (DITSCAP). |
Dec
30, 1997 |
DoDD 5215.1 |
DoD
Computer Security Evaluation Center. |
Oct
25, 1982 |
DoDD 5220.22 |
DoD
Industrial Security Program. |
Dec
08, 1980 |
DoDD 5230.9 |
Clearance
of DoD Information for Public Release. |
Nov
21, 2003 |
DoDI 5230.29 |
Security
and Policy Review of DoD Information for Public Release. |
Aug
06, 1999 |
DoDD 8100.1 |
Global
Information Grid Overarching Policy. |
Sept
19, 2002 |
DoDD
8100.2 |
DoD Directive
8100.2, Use of Commercial Wireless Devices, Services, and Technologies
in the Department of Defense (DoD) Global Information Grid (GIG),
dated 4/14/2004. |
April
14, 2004 |
DoDI
8100.3 |
DoD Instruction
8100.3, Department of Defense (DoD) Voice Networks, dated 1/16/2004.
This Instruction implements Section 353 of Public Law 107-314
and DoD Directive 8100.1. |
Jan
16, 2004 |
DoDI
8110.1 |
DoD Instruction
8110.1, Multinational Information Sharing Networks Implementation,dated
2/6/2004. This Instruction implements policy under DoD Directive
8100.1. |
Feb
06, 2004 |
DoDD
8500 Tutorial |
DoD Information Assurance (IA) Policy and
Implementation. |
Nov
21, 2003 |
DoDD 8500.1 |
DoD
Directive 8500.1, "Information Assurance (IA)," dated October
24, 2002. |
Oct
24, 2002 |
FAQ's for DoDD 8500.1 |
Frequently asked questions: DoD Directive
8500.1, dated January 21, 2003. |
Jan
21, 2003 |
DoDI 8500.2
|
DoD Instruction 8500.2, Information Assurance
(IA) Implementation, dated February 6, 2003. |
Feb
06, 2003 |
FAQ's for DoDI 8500.2 |
Frequently
asked questions: DoD Instruction 8500.2, dated March 20, 2003.
| Apr
20, 2003
|
DoD 8510.1-M |
DoD
Information Technology Security Certification and Accreditation
Process (DITSCAP) Application Document. |
July
31, 2000 |
DoDD
8520.1 |
DoD Directive 8520.1, "Protection of Sensitive
Compartmented Information (SCI)," dated December 20, 2001 |
Dec
20, 2003 |
DoDD_O_8530.1 |
A DoD PKI Certificate is required to access
this area. |
Jan
08, 2001 |
DoD O-8530.1-M
|
A DoD PKI Certificate is required to access
this area. |
Dec
17, 2003 |
DoD
Instruction 8551.1 |
Ports, Protocols,
and Services Management (PPSM) |
Aug 13, 2004 |
DoD
Directive 8570.1 |
Information
Assurance Training, Certification, and Workforce Management |
Aug
15, 2004 |
DoDI
8580.1 |
Information
Assurance (IA) in the Defense
Acquisition System |
July
9, 2004 |
FAQs
for 8580.1 |
Frequently
Asked Questions: DoDI 8580.1 |
Aug
5, 2004 |
Information
Assurance (IA) Training and Certification |
This USD(P&R)
and ASD(C3I) Memorandum has been superseded by DoDI 8570.1, "Information
Assurance Training, Certification, and Workforce Management" |
June
29, 1998 |
IA
in the Defense Acquisition Guidebook |
IA Section
of the Draft Defense Acquisition Guidebook |
July
9, 2004 |
DoD CIO Annual
Information Assurance Report, FY 2000 |
DoD CIO Annual Information Assurance
Report |
Apr
2000 |
DoD Deployment
of Windows 2000 Update |
Windows 2000 Guidance Update |
Apr
6, 2001 |
DoD Guidance and
Policy Memorandums |
DoD
Chief Information Officer (CIO) Guidance and Policy Memorandums
(G&PMs) |
Various |
DoD
Information Management (IM) Strategic Plan |
DoD
IM Strategic Plan |
Oct 19, 1999 |
DoD Implementation
of the Recommendations of the IA and IT Integrated Process Team
on Training, Certification, and Personnel Management |
Implementation
of the Recommendations of the Information Assurance and Information
Technology Integrated Process Team on Training, Certification,
and Personnel Management in the Department of Defense |
July
14, 2000 |
DoD IT Standards Registry (DISR
online) (Formerly DoD Joint Technical Architecture)
| DoD
IT Standards Registry (DISR) |
Various |
DoD
Key Recovery Policy Version 2.0 |
Key Recovery Policy for the US DoD
Version 2, dated May 31, 2002 |
May
31, 2002 |
DoD PKI Memorandum |
|
Aug
12, 2000 |
DoD PKI Road Map |
|
Dec
18, 2000 |
DoD
Policy Guidance for use of Mobile Code |
Policy
Guidance for use of Mobile Code Technologies in Department of
Defense (DoD) Information Systems Memorandum |
Nov
07, 2000 |
DoD
Ports, Protocol, and Services |
ASD/C31 Memorandum "Increasing Security at
the Internet/DISN Boundary" January 28, 2003 |
Jan
28, 2003 |
DoD Quadrennial Defense Review |
Defense
Strategy |
Sept
30, 2001 |
DoD X.509 Certificate Policy
Version 6.0 |
X.509 Certificate
Policy for the US DoD, Version 6
|
May 31,
2002
|
National
Industrial Security Program Operating Manual (NISPOM) |
1995
NISPOM incorporating Change One (July 1997) & Change Two (Feb
2001) |
Feb
2001 |
Pentagon
Area Common Information Technology (IT) Wireless Security Policy |
This document provides guidelines for implementing
wireless technologies in the Pentagon and swing spaces. |
Sept
25, 2002 |
Privacy Policies
and Data Collection on DoD Public Web Sites |
Assistant
Secretary of Defense Memorandum |
July
13, 2000 |
Policy for
Registration of Extensible Markup Language |
Assistant
Secretary of Defense Memorandum |
April
22, 2002 |
DoD
Electromagnetic Spectrum Management Strategic Plan |
Deputy Secretary of Defense Strategic Plan. |
October
2002 |
DoD Web site Administration |
DoD
Web Masters Policies and Guidelines |
Various |
DoD
Web site Site Policies and Procedures |
DoD
Web Site Administration Policies and Procedures (with amendments)
- Updated 11 January 2002 |
Jan
11, 2002 |
Chairman of the Joint Chiefs of Staff |
|
|
Joint
Electronic Library
| Joint Doctrine, Education and Training Resources. |
Various |
CJCSI_6211.02B
| This site restricted to *.gov and *.mil
addresses |
July
21, 2003 |
CJCSI
6212.01C |
Interoperability
and Supportability of Information Technology and National Security
Systems |
Nov
20, 2003 |
CJCSI_6510_01D
(supersedes CJCSI 6510.01C) |
Information
Assurance (IA) and Computer Network Defense (CND). |
June
15, 2004 |
CJCSM_6510.01 |
A DoD PKI Certificate is required to access
this area. |
Mar
25, 2003 |
National Security Agency |
|
|
NSA
Security Guides |
National
Security Agency Security Guides |
Various |
Department of the Army |
|
|
HQ
AMC Information Assurance |
HQ Army
Materiel Command (AMC) Information Assurance |
Various |
AR 12-7 |
Security
Assistance Teams |
June
15, 1998 |
AR 12-12 |
Processing
Discrepancy Reports Against Foreign Military Sales Shipments |
Dec
17, 1991 |
AR25-1 |
The
Army Information Resources Management Program |
May
31, 2002 |
AR
25-2 |
Information
Assurance |
Nov
14, 2003 |
AR70-1 |
Army
Acquisition Policy |
Dec
31, 2003 |
AR
380-4 |
DA
Physical Security Program in the National Capital Region |
Apr
15, 1982 |
AR 380-5 |
Department
of the Army Information Security Program |
Sept
29, 2000 |
AR 380-6 |
Laser
Guidance System Security Classification Guide |
Dec
01, 1983 |
AR
380-10 |
Foreign
Disclosure, Technology Transfer, and Contacts with Foreign Representatives |
June
06, 2003 |
AR 380-13 |
Acquisition
and Storage of Information Concerning Non-affiliated Persons and
Organizations |
Sept
30, 1974 |
AR 380-49 |
Industrial
Security Program |
Apr
15, 1982 |
AR 380-53 |
Information
Systems Security Monitoring |
Apr
29, 1998 |
AR 380-58 |
Security
Classification of Airborne Sensor Imagery and Imaging Systems |
Feb
28, 1991 |
AR 380-67 |
The
Department of Army Personnel Security Program |
Sept
09, 1998 |
AR 380-86 |
Classification
of Former Chemical Warfare, Chemical and Biological Defense, and
Nuclear, Biological, Chemical Contamination Survivability Information |
Mar
15, 2002 |
AR 380-381 |
Special
Access Programs (SAPS) |
Apr
21, 2004 |
INFOSEC Documents
Library 380 Series |
Security |
Various |
INFOSEC Documents
Library 12 Series |
Security
Assistance and International Logistics |
Various |
Department of the Navy |
|
|
Department of Navy Directives
| Navy Electronic
Directives System |
Various |
INFOSEC Documents Library |
|
Various |
Department of the Air Force |
|
|
Air Force
Electronic Publication |
|
Various |
AFPD31-4 |
Information
Security |
Sept
01, 1998 |
AFPD31-6 |
Industrial
Security |
Apr
01, 2000 |
AFSSI/AFSSM |
Air Force Systems Security Instructions and
Manuals
This site restricted to *.gov and *.mil addresses |
Various |
Air
Force SSI 5021 |
Time
Compliance Network Order (TCNO) Management and Vulnerability and
Incident Reporting |
Feb
12, 2003 |
Marine Corps |
|
|
USMC References |
|
Various |
IRM5239-06 |
Data
Access Security |
Undated |
IRM5239-08-A |
Computer
Security Procedures |
May
03, 1995 |
IRM5239-09 |
Contingency
Planning |
July
05, 1989 |
IRM5239-10 |
Small
Computer Systems Security |
May
23, 1990 |
IRM5239-12 |
Project
Managers Security Handbook |
Dec
17, 1990 |
IRM5239-13 |
System
Security Plans |
Apr
30, 1991 |
MCO5239.2 |
Marine
Corps Information Assurance Program (MCIAP) |
Nov
18, 2002 |
MCO5271.1A |
IRM
Standards and Guidelines Program |
June
10, 1993 |
Defense Information Systems Agency |
|
|
DISA Publications |
DISA
Publications Page |
|
Defense
Switched Network (DSN)
| The Defense
Switched Network (DSN) Page
|
Various |
DSN
IA Policy
| The Defense
Switched Network (DSN) IA Documents |
Various |
DSN
IA Information
| The Defense
Switched Network (DSN) |
Various |
DoD IT Standards Registry (DISR)
DISRonline (Formerly DoD Joint Technical Architecture)
| DoD
IT Standards Registry (DISR) (Formerly DoD Joint Technical Architecture
(JTA) |
Various |
DISA I630-230-19 |
Automated
Data Processing - Information Systems Security Program |
July
09, 1996 |
DISA Instruction 630-225-7
(Only available to DISANet
users) |
Web
Policies and Products Internet, Intranet, and World Wide Web Policy |
|
Windows 2000 DISA Policy
Memorandum |
Deployment
of the Windows 2000 Operating System on the DISANet **only
available to those with access to datahouse |
|
General Accounting Office (GAO) |
|
|
Management Planning Guide
for Information Systems Security Auditing |
Management Planning Guide for Information
Systems Security Auditing, dated December 10, 2001 |
Dec
10, 2001 |
Combating Terrorism |
Selected
challenges and related recommendations. |
Sept
2001 |
Advances
and Remaining Challenges to Adoption
of PKI |
This
report provides an assessment of the issues and challenges the
government faces in adopting PKI. |
Feb
2001 |
AIMD-00-140 |
Information
Security: Vulnerabilities in DOE's Systems for Unclassified
Civilian Research |
June
2000 |
AIMD-00-188R |
Information
Security: Software Change Controls at the Department of
Defense |
June
30, 2000 |
AIMD-00-192R |
Information
Security: Software Change Controls at the Department of
Labor |
June
30, 2000 |
AIMD-00-193R |
Information
Security: Software Change Controls at the Department of
Transportation |
June
30, 2000 |
AIMD-00-199R |
Information
Security: Software Change Controls at the Department of
State |
June
30, 2000 |
AIMD-00-200R |
Information
Security: Software Change Controls at the Department of the Treasury |
June
30, 2000 |
AIMD-00-215 |
Information
Security: Fundamental Weaknesses Place EPA Data and Operations
at Risk |
July
2000 |
AIMD-00-295 |
Information
Security: Serious and Widespread Weaknesses Persist at Federal
Agencies |
Sept
2000 |
AIMD-96-84 |
Computer
Attacks at the Department of Defense Pose Increasing Risks |
May
1996 |
AIMD-99-107 |
Information
Security: Serious Weaknesses Continue to Place Defense Operations
at Risk |
Aug
1999 |
GAO-01-113T |
Comparison
of Federal Agency Practices With FTC's Fair Information Principles |
Oct
11, 2000 |
GAO-01-147R |
Internet
Privacy: Federal Agency Use of Cookies |
Oct
20, 2000 |
GAO-01-263 |
High
Risk Series: An Update |
Jan
2001 |
GAO-04-467
|
Information
Security - Technologies to Secure Federal Systems |
Mar
2004 |
GGD-00-191 |
Internet
Privacy: Agencies' Efforts to Implement OMB's Privacy Policy |
Sept
2000 |
T-RCED-00-225 |
Nuclear
Security: Information on DOE's Requirements for Protecting
and Controlling Classified Documents |
June
27, 2000 |
T-AIMD-00-229 |
Critical
Infrastructure Protection: Comments on the Proposed Cyber
Security Information Act of 2000 |
June
22, 2000 |
T-AIMD-00-314 |
Computer
Security: Critical Federal Operations and Assets Remain
at Risk |
Sept
11, 2000 |
T-AIMD-00-321 |
VA
Information Technology: Progress Continues Although Vulnerabilities
Remain |
Sept
11, 2000 |
T-AIMD-00-330 |
FAA
Computer Security: Actions Needed to Address Critical Weaknesses
That Jeopardize Aviation Operations |
Sept
27, 2000 |
GAO-02-407 |
Information
Security: Additional Actions Needed to Fully Implement Reform
Legislation. |
May
2002 |
National Institute of Standards and Technology (NIST) |
|
|
NIST Library |
NIST Computer Security Resource Center
(CSRC) |
Various |
NISTIR
7100 |
PDA Forensics
Tools: An Overview and Analysis |
Aug
2004 |
Proposed
E-Authentication policy |
The General Services Administration, in coordination
with OMB, has published a proposed E-Authentication policy for
public comment. GSA is requiring that agencies implement the E-Authentication
Policy, which establishes four assurance levels to create a Government
wide standard framework for determining what is required to access
a particular Government transaction online. Comments are being
accepted through August 11. |
June
11, 2003 |
Special
Publication 800-23 |
Guidelines
to Federal Organization on Security Assurance and Acquisition/Use
of Tested/Evaluated Products |
Aug
2000 |
Special
Publication 800-34 |
Contingency Planning Guide for Information
Technology Systems
|
June 2002
|
Special
Publication 800-41 |
Guidelines
on Firewall and Firewall Policy |
|
Draft System Administration
Guidance for Windows 2000 Professional |
NIST
draft publication - available for comments. |
Nov
19, 2002 |
Draft Special
Publication 800-42 |
NIST
draft publication - Guideline on Network Security Testing |
Feb
2002 |
Draft
Special Publication 800-72 |
Guidelines
on PDA Forensics - available
for comments. |
Aug
2004 |
Committee on National Security Systems (CNSS) |
|
|
CNSS Library Files |
The Committee National Security Systems
(CNSS) |
Various |
Index
of National Security Systems Issuances |
List
of current governance |
Sept
2004 |