<
 
 
 
 
×
>
hide
You are viewing a Web site, archived on 22:57:03 Oct 14, 2004. It is now a Federal record managed by the National Archives and Records Administration.
External links, forms, and search boxes may not function within this collection.
Information Assurance Support Environment IASE Logo
| |  
""
   
Policy and Guidance:

Listed by Organization:

*
Executive Orders
*National Security Directives
*White House
*Senate
*House of Representatives
*Homeland Security
*Office of Management and Budget Circulars
*Federal Information Processing Standards Publications
*Public Law
*Department of Defense (DoD) Level Policy References
*Chairman of the Joint Chiefs of Staff
*
National Security Agency
*Department of the Army
*Department of the Navy
*Department of the Air Force
*Marine Corps

*Defense Information Systems Agency
*General Accounting Office (GAO)
*National Institute of Standards and Technology (NIST)
*CNSS

An Adobe Acrobat reader is required to view PDF files.

Listed by Category:

*Acquisition
*
Common Criteria
*Computer Network Defense (CND)
*DITSCAP
*Emerging Policy and Guidance
*Global Information Grid
*Government Information Security Reform
*IA Strategy
New!
*Net Centricity
New!
*PKI
*Security Recommendation Guides
*Ports and Protocols
*Privacy
*Trusted Products
*Web Policy

*Windows 2000
*Wireless Security


Additional Policy Documents:
* Policy and Guidance in the PKI-Enabled area  - DoD PKI Cert. required to access. 
  Government/ Military Related Search Engines:
*Defenselink
*Firstgov

  Miscellaneous:  
*Important Notice


Listed by Organization
Document Description Last Modified
Executive Orders    
E.O. Library Executive Orders Home Page
Various
E.O.12333 U.S. National Archives and Records Administration
Dec 04, 1981
E.O.12958 Classified National Security Information
April 20, 1995
E.O.13103 Computer Software Piracy
Sept 30, 1998
E.O.13130 National Infrastructure Assurance Council
July 14, 1999
E.O.13231 Critical Infrastructure Protection in the Information Age
Oct 18, 2001
E.O.13284 The Establishment of the Department of Homeland Security, dated January 28, 2003
Jan 28, 2003
Executive Order Strengthening the Sharing of Terrorism Information to Protect Americans
Aug 27, 2004
Executive Order National Counterterrorism Center
Aug 27, 2004
Executive Order Strengthened Management of the Intelligence Community
Aug 27, 2004
National Security Directives    
NSD - 1989 - 1993 National Security Directives
1989 - 1993
NSDD - Reagan National Security Decision Directives Library
1981 - 1989
White House    
National Strategy on Homeland Security Homeland Security
July 2002
Senate    
GISA Government Information Security Act of 2000
May 10, 2000
Privacy Law Lawmakers Roll Out Another Privacy Bill
Jan 20, 2001
U.S. Congress' Cyber Security Act of 2000 Security Act of 2000
April 12, 2000
S-1999 S.1993 - To Reform Government Information Security by Strengthening Information Security Practices Throughout the Federal Government
Mar 28, 2001
House of Representatives    
House of Representatives Bill: Introduction of the Cyber Security Information Act of 2000 The Cyber Security Information Act of 2000
April 12, 2000
H.R. 1259 Computer Security Enhancement Act of 2001
Mar 28, 2001
H.R. 2281 Digital Millennium Copyright Act (DCMA)
 Oct 28, 1998
H.R. 2458-48 Federal Information Security Management Act of 2002 (Title III of E-Gov)
 Jan 23, 2002
Homeland Security    
Hspd-7 17 Dec 2003 Homeland Security Presidential Directive.
Subject: Critical Infrastructure Identification, Prioritization, and Protection.
Dec 17, 2003
Office of Management and Budget Circulars    
OMB 123 Management Accountability and Control
June 21, 1995
OMB A130 Transmittal Number 4 Management of Federal Information Resources
Jan 28, 2000
OMB Circulars Link to OMB Web Site OMB - Circulars in Numerical Sequence
Various
Privacy Policies on Federal Web Sites Office of Management and Budget Privacy Policies (M-99-18)
June 02, 1999
Privacy Policies and Data Collection on Federal Web Sites Office of Management and Budget Privacy Policies and Data Collection (M-00-13)
June 22, 2000
M-01-05 Guidance on Inter-Agency Sharing of Personal Data-Protecting Personal Privacy
Dec 20, 2000
M-01-24 Reporting Instructions for the Government Information Security Reform Act
June 22, 2001
M-02-01 Guidance for Preparing and Submitting Security Plans of Action and Milestones
Oct 17, 2001
Federal Information Processing Standards Publications    
FIPS 46-3 Data Encryption Standard (DES); specifies the use of Triple DES
Oct 25, 1999
FIPS 102 Guidelines for Computer Security Certification and Accreditation
Various
FIPS 140-2 Security Requirements for Cryptographic Modules
Jan 11, 1994
FIPS 197 Advanced Encryption Standard (AES)
Nov 26, 2001
FIPS 198 The Keyed-Hash Message Authentication Code (HMAC)
April 02, 2002
Public Law    
FISMA Act of 2002 Federal Information Management Act (FISMA) of 2002
Various
Public Law 93-579 Privacy Act of 1974
May 2002
Public Law 99-474 Computer Fraud and Abuse Act of 1986
1996
Public Law 100-235 Computer Security Act of 1987
June 11, 1987
Public Law 106-344

Title 10. Armed Forces
Subtitle A. General Military Law
Part IV. Service, Supply, and Procurement
Chapter 131. Planning and Coordination

Oct 20, 2000
Department of Defense (DoD) Level Policy References    
Secretary of Defense Message to DoD Web site OPSEC Discrepancies
Jan 14, 2003
Washington Headquarters Services  DoD Directives and Records Branch 
Various
Common Access Card (CAC) Memorandum Smart Card Adoption and Implementation, dated November 10, 1999
Nov 10, 1999
Open Source Software (OSS) in the Department of Defense (DoD) Memorandum  Open Source Software in the Department of Defense (DoD) Memorandum, dated May 28 2003
May 28, 2003
DoD Telework Policy DoD Telework Policy
Undated
DoD Telework Guidance DoD Telework Guidance
 Undated
Compliance with DoD Web Site Administration Policy DoD Internet Practices and Policies
May 31, 2001
Destruction of DoD Computer Hard Drives Prior to Disposal Destruction of DoD Computer Hard Drives Prior to  Disposal Memorandum by Deputy Secretary of Defense dated January 8, 2001
Jan 08, 2001
Disposition of Unclassified DoD Computer Hard Drives Disposition of Unclassified DoD Computer Hard Drives Memorandum by Assistant Secretary of Defense dated June 4, 2001
June 04, 2001
DoD Instruction 4630.8 Procedures for Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)
June 30, 2004
DoDI 5120.4 Electronic Newspaper Policy
May 29, 1996
DoDD 5200.1 DoD Information Security Program.
Dec 13, 1996
DoDD 5200.2 DoD Personnel Security Program.
April 09, 1999
DoDI 5200.40 DoD Information Technology Security Certification and Accreditation Process (DITSCAP).
Dec 30, 1997
DoDD 5215.1 DoD Computer Security Evaluation Center.
Oct 25, 1982
DoDD 5220.22 DoD Industrial Security Program.
Dec 08, 1980
DoDD 5230.9 Clearance of DoD Information for Public Release.
Nov 21, 2003
DoDI 5230.29 Security and Policy Review of DoD Information for Public Release.
Aug 06, 1999
DoDD 8100.1 Global Information Grid Overarching Policy.
Sept 19, 2002
DoDD 8100.2 DoD Directive 8100.2, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG), dated 4/14/2004.
April 14, 2004
DoDI 8100.3 DoD Instruction 8100.3, Department of Defense (DoD) Voice Networks, dated 1/16/2004. This Instruction implements Section 353 of Public Law 107-314 and DoD Directive 8100.1.
Jan 16, 2004
DoDI 8110.1 DoD Instruction 8110.1, Multinational Information Sharing Networks Implementation,dated 2/6/2004. This Instruction implements policy under DoD Directive 8100.1.
Feb 06, 2004
DoDD 8500 Tutorial DoD Information Assurance (IA) Policy and Implementation.
Nov 21, 2003
DoDD 8500.1 DoD Directive 8500.1, "Information Assurance (IA)," dated October 24, 2002.
Oct 24, 2002
FAQ's for DoDD 8500.1 Frequently asked questions: DoD Directive 8500.1, dated January 21, 2003.
Jan 21, 2003
DoDI 8500.2 DoD Instruction 8500.2, Information Assurance (IA) Implementation, dated February 6, 2003.
Feb 06, 2003
FAQ's for DoDI 8500.2 Frequently asked questions: DoD Instruction 8500.2, dated March 20, 2003.
Apr 20, 2003
DoD 8510.1-M  DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Application Document.
July 31, 2000
DoDD 8520.1 DoD Directive 8520.1, "Protection of Sensitive Compartmented Information (SCI)," dated December 20, 2001
Dec 20, 2003
DoDD_O_8530.1 A DoD PKI Certificate is required to access this area.
 Jan 08, 2001
DoD O-8530.1-M A DoD PKI Certificate is required to access this area.
Dec 17, 2003
DoD Instruction 8551.1New! Ports, Protocols, and Services Management (PPSM)
Aug 13, 2004
DoD Directive 8570.1 Information Assurance Training, Certification, and Workforce Management
Aug 15, 2004
DoDI 8580.1 Information Assurance (IA) in the Defense
Acquisition System
July 9, 2004
FAQs for 8580.1 Frequently Asked Questions: DoDI 8580.1
Aug 5, 2004
Information Assurance (IA) Training and Certification This USD(P&R) and ASD(C3I) Memorandum has been superseded by DoDI 8570.1, "Information Assurance Training, Certification, and Workforce Management"
June 29, 1998
IA in the Defense Acquisition Guidebook IA Section of the Draft Defense Acquisition Guidebook
July 9, 2004
DoD CIO Annual Information Assurance Report, FY 2000  DoD CIO Annual Information Assurance Report
Apr 2000
DoD Deployment of Windows 2000 Update  Windows 2000 Guidance Update
Apr 6, 2001
DoD Guidance and Policy Memorandums DoD Chief Information Officer (CIO) Guidance and Policy Memorandums (G&PMs)
Various
DoD Information Management (IM) Strategic Plan DoD IM Strategic Plan
Oct 19, 1999
DoD Implementation of the Recommendations of the IA and IT Integrated Process Team on Training, Certification, and Personnel Management Implementation of the Recommendations of the Information Assurance and Information Technology Integrated Process Team on Training, Certification, and Personnel Management in the Department of Defense
July 14, 2000
DoD IT Standards Registry (DISR online) (Formerly DoD Joint Technical Architecture) DoD IT Standards Registry (DISR)
Various
DoD Key Recovery Policy Version 2.0  Key Recovery Policy for the US DoD Version 2, dated May 31, 2002
May 31, 2002
DoD PKI Memorandum  
Aug 12, 2000
DoD PKI Road Map  
 Dec 18, 2000
DoD Policy Guidance for use of Mobile Code Policy Guidance for use of Mobile Code Technologies in Department of Defense (DoD) Information Systems Memorandum 
Nov 07, 2000
DoD Ports, Protocol, and Services ASD/C31 Memorandum "Increasing Security at the Internet/DISN Boundary" January 28, 2003
Jan 28, 2003
DoD Quadrennial Defense Review Defense Strategy 
Sept 30, 2001
DoD X.509 Certificate Policy Version 6.0 X.509 Certificate Policy for the US DoD, Version 6
  May 31, 2002
National Industrial Security Program Operating Manual (NISPOM) 1995 NISPOM incorporating Change One (July 1997) & Change Two (Feb 2001)
Feb 2001
Pentagon  Area Common Information Technology (IT) Wireless Security Policy This document provides guidelines for implementing wireless technologies in the Pentagon and swing spaces.
Sept 25, 2002
Privacy Policies and Data Collection on DoD Public Web Sites Assistant Secretary of Defense Memorandum
July 13, 2000
Policy for Registration of Extensible Markup Language Assistant Secretary of Defense Memorandum
 April 22, 2002
DoD Electromagnetic Spectrum Management Strategic Plan Deputy Secretary of Defense Strategic Plan.
 October 2002
DoD Web site Administration DoD Web Masters Policies and Guidelines
Various
DoD Web site Site Policies and Procedures DoD Web Site Administration Policies and Procedures (with amendments) - Updated 11 January 2002
Jan 11,  2002
Chairman of the Joint Chiefs of Staff     
Joint Electronic Library Joint Doctrine, Education and Training Resources.
Various
CJCSI_6211.02B This site restricted to *.gov and *.mil addresses
 July 21, 2003
CJCSI 6212.01CNew! Interoperability and Supportability of Information Technology and National Security Systems
Nov 20, 2003

CJCSI_6510_01D
(supersedes CJCSI 6510.01C)

Information Assurance (IA) and Computer Network Defense (CND).
 June 15, 2004
CJCSM_6510.01 A DoD PKI Certificate is required to access this area.
 Mar 25, 2003
National Security Agency    
NSA Security Guides  National Security Agency Security Guides 
 Various
Department of the Army     
HQ AMC Information Assurance HQ Army Materiel Command (AMC) Information Assurance
 Various
AR 12-7 Security Assistance Teams
 June 15, 1998
AR 12-12 Processing Discrepancy Reports Against Foreign Military Sales Shipments
Dec 17, 1991
AR25-1 The Army Information Resources Management Program
May 31, 2002
AR 25-2 Information Assurance
Nov 14, 2003
AR70-1 Army Acquisition Policy
Dec 31, 2003
AR 380-4 DA Physical  Security Program in the National Capital Region
Apr 15, 1982
AR 380-5 Department of the Army Information Security Program
 Sept 29, 2000
AR 380-6 Laser Guidance System Security Classification Guide
Dec 01, 1983
AR 380-10 Foreign Disclosure, Technology Transfer, and Contacts with Foreign Representatives
June 06, 2003
AR 380-13 Acquisition and Storage of Information Concerning Non-affiliated Persons and Organizations
Sept 30, 1974
AR 380-49 Industrial Security Program
Apr 15, 1982
AR 380-53 Information Systems Security Monitoring 
Apr 29, 1998
AR 380-58 Security Classification of Airborne Sensor Imagery and Imaging Systems
 Feb 28, 1991
AR 380-67 The Department of Army Personnel Security Program
 Sept 09, 1998
AR 380-86 Classification of Former Chemical Warfare, Chemical and Biological Defense, and Nuclear, Biological, Chemical Contamination Survivability Information
 Mar 15, 2002
AR 380-381 Special Access Programs (SAPS)
 Apr 21, 2004
INFOSEC Documents Library 380 Series Security
 Various
INFOSEC Documents Library 12 Series Security Assistance and International Logistics
 Various
Department of the Navy    
Department of Navy Directives Navy Electronic Directives System
 Various
INFOSEC Documents Library  
 Various
Department of the Air Force    
Air Force Electronic Publication  
  Various
AFPD31-4 Information Security
 Sept 01, 1998
AFPD31-6 Industrial Security
 Apr 01, 2000
AFSSI/AFSSM Air Force Systems Security Instructions and Manuals
This site restricted to *.gov and *.mil addresses
 Various
Air Force SSI 5021 Time Compliance Network Order (TCNO) Management and Vulnerability and Incident Reporting
 Feb 12, 2003
Marine Corps    
USMC References  
 Various
IRM5239-06 Data Access Security
 Undated
IRM5239-08-A Computer Security Procedures
 May 03, 1995
IRM5239-09 Contingency Planning
 July 05, 1989
IRM5239-10 Small Computer Systems Security
 May 23, 1990
IRM5239-12 Project Managers Security Handbook
 Dec 17, 1990
IRM5239-13 System Security Plans
 Apr 30, 1991
MCO5239.2 Marine Corps Information Assurance Program (MCIAP)
 Nov 18, 2002
MCO5271.1A IRM Standards and Guidelines Program
 June 10, 1993
Defense Information Systems Agency    
DISA Publications DISA Publications Page  
Defense Switched Network (DSN) New! The Defense Switched Network (DSN) Page
Various
DSN IA Policy New! The Defense Switched Network (DSN) IA Documents
Various
DSN IA Information New! The Defense Switched Network (DSN)
Various
DoD IT Standards Registry (DISR) DISRonline (Formerly DoD Joint Technical Architecture) DoD IT Standards Registry (DISR) (Formerly DoD Joint Technical Architecture (JTA)
 Various
DISA I630-230-19 Automated Data Processing - Information Systems Security Program
 July 09, 1996
DISA Instruction 630-225-7 (Only available to DISANet users) Web Policies and Products Internet, Intranet, and World Wide Web Policy   
Windows 2000 DISA Policy Memorandum Deployment of the Windows 2000 Operating System on the DISANet  **only available to those with access to datahouse  
General Accounting Office (GAO)    
Management Planning Guide for Information 
Systems Security Auditing
Management Planning Guide for Information Systems Security Auditing, dated December 10, 2001
 Dec 10, 2001
Combating Terrorism Selected challenges and related recommendations.
 Sept 2001
Advances and Remaining Challenges to
Adoption of PKI
This report provides an assessment of the issues and challenges the government faces in adopting PKI.
 Feb 2001
AIMD-00-140 Information Security:  Vulnerabilities in DOE's Systems for Unclassified Civilian Research
 June 2000
AIMD-00-188R Information Security:  Software Change Controls at the Department of Defense
 June 30, 2000
AIMD-00-192R Information Security:  Software Change Controls at the Department of Labor
 June 30, 2000
AIMD-00-193R Information Security:  Software Change Controls at the Department of Transportation
 June 30, 2000
AIMD-00-199R Information Security:  Software Change Controls at the Department of State
 June 30, 2000
AIMD-00-200R Information Security: Software Change Controls at the Department of the Treasury
 June 30, 2000
AIMD-00-215 Information Security:  Fundamental Weaknesses Place EPA Data and Operations at Risk
July 2000
AIMD-00-295 Information Security:  Serious and Widespread Weaknesses Persist at Federal Agencies
 Sept 2000
AIMD-96-84 Computer Attacks at the Department of Defense Pose Increasing Risks
 May 1996
AIMD-99-107 Information Security: Serious Weaknesses Continue to Place Defense Operations at Risk
 Aug 1999
GAO-01-113T Comparison of Federal Agency Practices With FTC's Fair Information Principles
 Oct 11, 2000
GAO-01-147R Internet Privacy:  Federal Agency Use of Cookies
 Oct 20, 2000
GAO-01-263 High Risk Series: An Update
Jan 2001
GAO-04-467 Information Security - Technologies to Secure Federal Systems
Mar 2004
GGD-00-191 Internet Privacy:  Agencies' Efforts to Implement OMB's Privacy Policy
Sept 2000
T-RCED-00-225 Nuclear Security:  Information on DOE's Requirements for Protecting and Controlling Classified Documents
 June 27, 2000
T-AIMD-00-229 Critical Infrastructure Protection:  Comments on the Proposed Cyber Security Information Act of 2000
 June 22, 2000
T-AIMD-00-314 Computer Security:  Critical Federal Operations and Assets Remain at Risk
Sept 11, 2000
T-AIMD-00-321 VA Information Technology:  Progress Continues Although Vulnerabilities Remain
 Sept 11, 2000
T-AIMD-00-330 FAA Computer Security:  Actions Needed to Address Critical Weaknesses That Jeopardize Aviation Operations
 Sept 27, 2000
GAO-02-407 Information Security: Additional Actions Needed to Fully Implement Reform Legislation.
 May 2002
National Institute of Standards and Technology (NIST)    
NIST Library  NIST Computer Security Resource Center (CSRC)
 Various
NISTIR 7100 New! PDA Forensics Tools: An Overview and Analysis
Aug 2004
Proposed E-Authentication policy The General Services Administration, in coordination with OMB, has published a proposed E-Authentication policy for public comment. GSA is requiring that agencies implement the E-Authentication Policy, which establishes four assurance levels to create a Government wide standard framework for determining what is required to access a particular Government transaction online. Comments are being accepted through August 11.
 June 11, 2003
Special Publication 800-23 Guidelines to Federal Organization on Security Assurance and Acquisition/Use of Tested/Evaluated Products
 Aug 2000
Special Publication 800-34 Contingency Planning Guide for Information Technology Systems
  June 2002
Special Publication 800-41 Guidelines on Firewall and Firewall Policy  
Draft System Administration Guidance for  Windows 2000 Professional  NIST draft publication - available for comments.
 Nov 19, 2002
Draft Special Publication 800-42 NIST draft publication - Guideline on Network Security Testing
 Feb 2002
Draft Special Publication 800-72 Guidelines on PDA Forensics - available for comments.
Aug 2004
Committee on National Security Systems (CNSS)    
CNSS Library Files  The Committee National Security Systems (CNSS)
 Various
Index of National Security Systems IssuancesNew!  List of current governance
Sept 2004

Listed by Category
Document Description Last Modified
Acquisition    
DoD 5000.1 The Defense Acquisition System
 May 12, 2003
DoD 5000.2 Operation of the Defense Acquisition System
May 12, 2003
DoDI 8580.1 Information Assurance (IA) in the Defense
Acquisition System
July 9, 2004
FAQs for 8580.1 Frequently Asked Questions: DoDI 8580.1
Aug 5, 2004
IA in the Defense Acquisition Guidebook IA Section of the Draft Defense Acquisition Guidebook
July 9, 2004
Trusted Products  
Various
Common Criteria     
Common Criteria Project Common Criteria for IT Security Evaluation (CC), plus various CC-related documents 
 Various
Common Criteria Protection Files Common Criteria Protection Files
 Various
NIAP Guidance Documents NIAP Guidance Documents
 Various
NSTISSAM COMPUSEC 1-99 Advisory Memorandum on the Transition from the Trusted Computer System Evaluation Criteria to the International Common Criteria for Information Technology Security Evaluation
 Mar 11, 1999
Protection Profiles Information Assurance Technical Framework Forum Protection Files 
 Various
The Rainbow Series Rainbow Series Library
 Various
DITSCAP    
DoD 5200.40 DoD Information Technology Security Certification and Accreditation Process (DITSCAP)
 Dec 30, 1997
DoD 5220-M-SUP National Industrial Security Program Operating Manual Supplement
 Feb 1995
DoD 5220.22 DoD Industrial Security Program
 Dec 08, 1980
DoD 5220.22-M National Industrial Security Program Operating Manual
 Jan 1995
DoD 8510.1-M DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Application Document
 July 31, 2000
DoD 8910.1-M DoD Procedures For Management Of Information  Requirements
 July 11, 1993
NSTISSI No. 4009 National Information Systems Security (INFOSEC) Glossary
 May 2003
OMB A130 Transmittal Number 4 Management of Federal Information Resources
 Various
Public Law 100-235 Computer Security Act of 1987
 Jan 8, 1988
Subsection 552a of title 5, United States Code Subsection 552a of title 5, United States Code
 Jan 06, 2003
Emerging Policy and Guidance     
Government Network Security Act 2003 H.R. 3159 Government Network Security Act 2003
 Sept 24, 2003
Fact Sheet for Government Security Act 2003 Fact Sheet for H.R. 3159 Government Network Security Act 2003
 Sept 25, 2003
Davis Introduces "Government Network Security Act of 2003 Introduction and News release for the Government Network Security Act 2003
 Sept 24, 2003
Global Information Grid     
GIG Guidance DoD Chief Information Officer Guidance and Policy Memorandums 
 Various
DoD CIO GPM DOD GIGIA No. 6-8510 DoD Chief Information Officer Guidance and Policy Memorandum No. 6-8510 "Department of Defense Global Information Grid Information Assurance", 16 June 2000.
 Various
DoD CIO Guidance and Policy Memorandum 10-8460 GIG Network Operations
 June 16, 2000
DoD CIO Guidance and Policy Memorandum 7-8170 GIG Information Management
Aug 24, 2000
DoD CIO Guidance and Policy Memorandum 4-8460 GIG Networks
 Aug 24, 2000
DoD Chief Information Officer (CIO) Guidance and Policy Memorandum No. 8-8001 Global Information Grid 
Aug 24, 2000
DoD Chief Information Officer Executive Board GIG Information Assurance Guidance and Policy Memorandum and Implementation Guidance GIG Information Assurance Guidance and Policy Memorandum and Implementation Guidance
June 16, 2000
DoD Global Information Grid Architecture (V 2.0) Management Plan Global Information Grid Architecture (V 2.0) Management Plan  
DoD CIO G&PM 11-8450 DoD Global Information Grid (GIG) Computing
 Apr 06, 2001
Assistant Secretary of Defense Global Information Grid Memo 22 September 1999  
Government Information 
Security Reform
   
GISR Reporting Responsibilities
Memorandum
Signed memorandum approving the methodology and action plan developed by the IA Integrated Process Team (IPT).
  July 02, 2001
GISRA Collection Matrix Designed as a Management tool to track IA trends and outcomes
 Various
Government Information 
Security Reform
As part of the FY 2001 National Defense Authorization Act, Subtitle G, Government Information Security Reform, increased Information Assurance (IA) requirements for the Federal government.
 Aug 01, 2001
Guidance on Implementing the 
Government Information Security Reform Act
OMB Guidance Memorandum on implementing GISR
Jan 16, 2001
IA StrategyNew!    
The National Strategy to Secure CyberspaceNew! Strategy to secure Cyberspace signed by the President
Feb 2003
Net CentricityNew!  
 
CJCSI 6212.01CNew! Interoperability and Supportability of Information Technology and National Security Systems
Nov 20, 2003
DoD Instruction 4630.8 Procedures for Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)
June 30, 2004
DoD IT Standards Registry (DISR online) (Formerly DoD Joint Technical Architecture) DoD IT Standards Registry (DISR)
Various
GIG NCOW New! Enabling Transformation Achieving Net-Centric
Operations and Warfighting briefing
None listed
NCOW Web Site New! DoD Global Information Grid Architectures Site
Various
GIG NCESNew! GIG Enterprise Services web site
Various
GIG Net Centric Data StrategyNew! DoD Metadata Registry and Clearinghouse Web Site
Various
Office of Force Transformation Briefing - Network Centric OptionsNew! Net Centric Operations - The Power of Information Age Concepts and Technologies
Various
OSD Plans to use New 'Net-Centric Checklist' During Program ReviewsNew! Article from Inside The Pentagon
July 8, 2004
The purpose of the Net-Centric Checklist is to assist program managers in understanding the net-centric attributes that their programs need to implement to move into the net-centric environment as part of a service-oriented architecture in the Global Information Grid
 May 12, 2004
Trusted Products    
NSTISSP No. 11 Frequently Asked Questions Frequently Asked Questions of the IA vendor community on complying with the National IA Acquisition Policy.
 Various
NSA Certified Products Trusted Product Evaluation Program,Commercial Product Evaluations
 Various
Validated Products NIAP Validated Products List
 Various
NSTISSP No. 11 National Information Assurance Acquisition Policy dated January 2000 
 Jan 2000
NIST Special Publication 800-23 Guideline to Federal Organization on Acquisition/Use of Tested/Evaluated Products
 Aug 2000
Web Policy    
Secretary of Defense Message to DoD Web site OPSEC Discrepancies
Jan 14, 2003 
DoD Web Site Administration DoD Web Masters web site
 Various
DoD Web site Site Policies and Procedures DoD Web Site Administration Policies and Procedures (with amendments) - Updated 11 January 2002
 Jan 11, 2002
DoD Webmasters Electronic Mail List DoD Webmasters Electronic Mail List
 Various
Correction of DoD Web Site Administration Policy  Amendment and Corrections to Web Site Administration Policies & Procedures - Updated 11 January 2002
  Jan 11, 2002
DoD Guide to Marking Classified Documents DoD Guide to Marking Classified Documents
 April 1997
DoD Instruction 5120.4 Electronic Newspaper Policy
 May 29, 1996
DoD Directive 5230.9 Clearance of DoD Information for Public Release
 Nov 21, 2003
DoD Instruction 5230.29 Security and Policy Review of DoD Information for Public Release
 Aug 06, 1999
DoD Web Site Administration Policy and Procedures
Clearance Procedures for making Electronic Information Available to the Public
 Nov 25, 1998
Accessibility of DoD Web sites to People with Disabilities DoD Memorandum
 July 21, 2000
Compliance with DoD Web Site Administration Policy Assistant Secretary of Defense Memorandum
 May 31, 2001
Removal of Personally Identifying Information OASD Memorandum, "Removal of Personally Identifying Information under the Information of Freedom Act (FOIA)."
 Dec 28, 2001
DISA Web Policy DISA Web Policy Handbook
 Various
DISA Instruction 630-225-7
(Only available to DISANet users)
Web Policies and Products Internet, Intranet, and World Wide Web Policy   
DISA Government Information Locator Service DISA WWW "Internet Government Information Locator Service (GILS)" Submission Instruction.
 Undated
Information Vulnerability and the World Wide Web DoD Memorandum 
 Sept 24, 1998
Privacy Policies and Data Collection Privacy Policies and Data Collection on DoD Public Web Sites
 July 13, 2000
Memorandum 99-18 Privacy Policies on Federal Web Sites
 June 02, 1998
Memorandum 00-13 Privacy Policies and Data Collection of Federal Web Sites
 June 22, 2000
Air Force Web Guidance Links to the Air Force Web Policy and Guidance
 Undated
Army Web Guidance Guidance for Management of Publicly Accessible U.S. Army Web sites
 Undated
SECNAV Instruction 5720.47 Department of the Navy Policy for Content Publicly Accessible World Wide Web sites
 July 07, 1999
Navy Web Guidance Navy Web Guidance
 July 1, 1999
Audit Report D-2001-130 DoD Internet Practices and Policies - Office of the Inspector General Department of Defense
 May 31, 2001
Privacy    
Safeguarding Privacy in the Fight against Terrorism  Report of the Technology and Privacy Advisory Committee
March 2004
Defense Privacy Office Defense Privacy Office - multiple policy links
Various
Platform for Privacy Preferences 
Project
W3C Policy for Privacy Preferences Project
 Various
Public Law 93-579 Privacy Act of 1974
May 2002
Privacy Policies on Federal Web Sites Office of Management and Budget Privacy Policy
June 02, 1999
Privacy Policies and Data Collection on Federal Web Sites Office of Management and Budget Privacy Policy
June 22, 2000
Privacy Policies and Data Collection on Federal Web Sites Clarification Office of Management and Budget Privacy Policy Clarification
 Sept 05, 2000
Privacy Policies and Data Collection on DoD Public Web Sites Assistance Secretary of Defense Memorandum
July 13, 2000
E.O.13103 Computer Software Piracy
Sept 30, 1998
Privacy Law Lawmakers Roll Out Another Privacy Bill
Jan 20, 2001
M-01-05 Guidance on Inter-Agency Sharing of Personal Data-Protecting Personal Privacy
Dec 20, 2000
Windows 2000    
DoD Deployment of Windows 2000 Update  Windows 2000 Guidance Update
Apr 6, 2001
Windows 2000 Security Recommendation Guides NSA Security Recommendation Guides
  Various
Windows 2000 DISA Policy Memorandum Deployment of the Windows 2000 Operating System on the DISANet  **DoD PKI Cert Req'd  
System Administration Guidance for  Windows 2000 Professional  NIST draft publication - available for comments.
 Nov 11, 2000
Wireless Security    
Wireless Technologies: Implementation and Security Wireless Implementation & Security Briefing **DoD PKI Cert Req'd
June 1, 2004
Wireless STIG This site restricted to *.gov and *.mil addresses
 Various
NIST Wireless Security Guidance  
 Dec 4, 2002
Pentagon Area Common Information Technology (IT) Wireless Security Policy  
 Sept 25, 2002
PKI    
DoDI 8520.2 Public Key Infrastructure (PKI) and Public Key (PK) Enabling
Apr 01, 2004
DoD PKI-PKE FAQ DoD Public Key Infrastructure -Public Key Enabling FAQ
May 03, 2004
PKI PMO Public Key Infrastructure/ Program Management Office
  Various
DoD PKI Road Map DoD Public Key Infrastructure Road Map
 Dec 18, 2000
DoD X.509 Certificate Policy Version 8.0  
  Various
DoD Key Recovery Policy Version 3.0  
 Various
Common Access Card Memorandum subject: “Smart Card Adoption and Implementation,” the Department is implementing smart card technology through a common access card (CAC) and has developed four versions as described within this memorandum.
 Nov 10, 1999
DoD Public Key Infrastructure (PKI) Guidance and Policy Memorandum DoD Public Key Infrastructure Memorandum, August 12, 2000
 Aug 12, 2000
DoD Public Key Enabling (PKE) of Applications, Web Servers, and Networks Public Key Enabling (PKE) of Applications, Web Servers, and Networks for the Department of Defense (DoD) Memorandum by ASD(C3I) May 17, 2001
 May 21, 2001
Assignment of Program Office Responsibilities Assignment of Program Office Responsibilities for the Department of Defense Public Key Infrastructure (PKI)
 Apr 09, 1999
DoD PKI DoD Public Key Infrastructure, May 1999
 May 06, 1999
Smart Card Smart Card Adoption and Implementation Memorandum November 10, 1999
June 18, 2001
PKI Operating Documents PKI Operating Documents
Dec 13, 1999
PKI Protection Profiles Common Criteria Protection Profiles
 Various
Class 4 PKI Directory Defense Class 4 PKI DRAFT Ver. 0.2, Undated 
 Apr 09, 2003
Class 3.0 Release 2 Transition Plan Class 3.0 Release 2 Transition Plan, July 2000  
IECA Server Certificates IECA Server Certificates: Guidance for Issuing Server Certificates to DoD Vendors.
 May 2001
PKI Policy Documents - PKI Certificate Required PKI Documents
 Various
Ports and Protocols    
DoD Instruction 8551.1 Ports, Protocols, and Services Management (PPSM)
Aug 13, 2004
DoD Ports, Protocol, and Services ASD/C31 Memorandum "Increasing Security at the Internet/DISN Boundary" January 28, 2003
 Jan 28, 2003
DOD Ports and Protocol Program  
 Undated
FAQ's on DoD Ports and Protocols  Frequently asked questions: Ports and Protocols. This area restricted to *.gov and *.mil addresses 
 Undated
Update on DoD Ports and Protocol Program JTF-CNO Update on DoD, "Ports and Protocol Program" March 14,2003
 Undated
Security Configuration Guidelines    
NSA Security Recommendation Guides NSA Security Configuration Guidelines
 Various
DISA Security Configuration Guides DISA FSO Security Configuration Guidelines
 Various
DoD Mobile Code Guides DoD Mobile Code Guidance
 Various
Computer Network Defense    
CND Matrix A DoD PKI Certificate is required to access this area.
Dec 15, 2003
Guidance for Computer Network Defense Response Actions Memo A DoD PKI Certificate is required to access this area.
Feb 26, 2003
U.S. Congress' Cyber Security Act of 2000 Security Act of 2000
 April 12, 2000
SECDEF Memo SUBJECT:  Department of Defense (DoD) Information Assurance Vulnerability Alert (IAVA)
 Dec 30, 1999
DoD Instruction 5215.2 Computer Security Technical Vulnerability Reporting
Program (CSTVRP)
 Sept 02, 1986
DoDD_O_8530.1 A DoD PKI Certificate is required to access this area.
Jan 8, 2001
DoD O-8530.1-M A DoD PKI Certificate is required to access this area.
Dec 17, 2003
DoDI_O_8530.2 A DoD PKI Certificate is required to access this area.
Mar 9, 2001
CJCSM 3150.07A Joint Reporting Structure Communications Status
 April 19, 2001
CJCSI_6211.02B This site restricted to *.gov and *.mil addresses
 July 21, 2003

CJCSI_6510_01D
(supersedes CJCSI 6510.01C)

Information Assurance (IA) and Computer Network Defense (CND).
 June 15, 2004
CJCSM_6510.01 A DoD PKI Certificate is required to access this area.
Mar 25, 2003
Air Force Instruction 33-115 Volume I Network Management
 May 03, 2004
Air Force Instruction 33-112 Computer Systems Management
 Feb 25, 2001
Air Force Policy Directive 10-24 Air Force Critical Infrastructure Protection  
Air Force SSI 5021 Time Compliance Network Order (TCNO) Management and Vulnerability and Incident Reporting
  Various
Computer Security Enhancement Act of 2001 Computer Security Enhancement Act
 Nov 28, 2001
IAVA Process Handbook DISA Information Assurance Vulnerability Alert 
  June 11, 2002
NSTISSI 1000 National Information Assurance Certification and Accreditation Process (NIACAP)
 April 2000
NSTISSP National Information Assurance (IA) Policy for U.S. Space Systems 
 Undated

Notice:  The IASE posts any DoD Information Assurance (IA) policy or guidance links that we become aware of as soon as we are able.  Since the IASE mission is to support DoD, we are not always aware of changes to IA policy.    IASE users need to verify the relevance and life span of any Policy or Guidance link used from this page.  We invite the IASE community to inform us of changes to Information Assurance policy so that we can maintain this page for all to use.  Please provide url references whenever possible to IA-web@ncr.disa.mil

The appearance of hyperlinks does not constitute endorsement by the Department of Defense/Defense Information Systems Agency of this Web site or the information, products, or services contained therein. For other than authorized activities, such as military exchanges and MWR sites,the Department of Defense/Defense Information Systems Agency does not exercise any editorial control over the information you may find at  these locations. Such links are provided consistent with the stated purpose of this DoD Web site. 


Home Search
Webmaster:IA-web@ncr.disa.mil
Page Revised 07-Oct-04