

Listed by Organization:

| Document | Description | Last Modified |
|---|---|---|
| Executive Orders | ||
| E.O. Library | Executive Orders Home Page | Various |
| Federal Register Website | Federal Register Website | Various |
| E.O.12333 | Executive Order 12333 - United States Intelligence Activities | Dec 4, 1981 |
| E.O.12333 Memo | Message from the Director CIA to Employees on Executive Order 12333 | Jul 31, 2008 |
| E.O.12958 | Classified National Security Information | Apr 20, 1995 |
| E.O.13103 | Computer Software Piracy | Sep 30, 1998 |
| E.O.13130 | National Infrastructure Assurance Council | Jul 14, 1999 |
| E.O.13231 | Critical Infrastructure Protection in the Information Age | Oct 18, 2001 |
| E.O.13284 | The Establishment of the Department of Homeland Security | Jan 28, 2003 |
| E.O.13354 | National Counterterrorism Center | Aug 27, 2004 |
| E.O.13355 | Strengthened Management of the Intelligence Community | Aug 27, 2004 |
| E.O.13356 | Strengthening the Sharing of Terrorism Information to Protect Americans | Aug 27, 2004 |
| National Security Directives | ||
| NSD - 1989 - 1993 | National Security Directives | 1989 - 1993 |
| NSDD - Reagan | National Security Decision Directives Library | 1981 - 1989 |
| White House | ||
| National Strategy on Homeland Security | Homeland Security | Jul 2002 |
| Senate | ||
| GISA | Government Information Security Act of 2000 | May 10, 2000 |
| Privacy Law | Lawmakers Roll Out Another Privacy Bill | Jan 20, 2001 |
| Security Act of 2000 | U.S. Congress' Cyber Security Act of 2000 | Apr 12, 2000 |
| S-1999 | S.1993 - To Reform Government Information Security by Strengthening Information Security Practices Throughout the Federal Government | Mar 28, 2001 |
| House of Representatives | ||
| H.R. Bill: Cyber Security Information Act of 2000 | Introduction of the Cyber Security Information Act of 2000 | Apr 12, 2000 |
| H.R. 1259 | Computer Security Enhancement Act of 2001 | Mar 28, 2001 |
| H.R. 2281 | Digital Millennium Copyright Act (DMCA) | Oct 28, 1998 |
| H.R. 2458-48 | Federal Information Security Management Act of 2002 (Title III of E-Gov) | Jan 23, 2002 |
| Homeland Security | ||
| HSPD-7 | Homeland Security Presidential Directive. Subject: Critical Infrastructure Identification, Prioritization, and Protection. | Dec 17, 2003 |
| Office of Management and Budget Circulars | ||
| OMB A-123 | Management Accountability and Control | Jun 21, 1995 |
| OMB A-130 | Transmittal Number 4 Management of Federal Information Resources | Jan 28, 2000 |
| OMB M-00-13 | Privacy Policies and Data Collection on Federal Web Sites | Jun 22, 2000 |
| OMB M-01-05 | Guidance on Inter-Agency Sharing of Personal Data-Protecting Personal Privacy | Dec 20, 2000 |
| OMB M-01-24 | Reporting Instructions for the Government Information Security Reform Act | Jun 22, 2001 |
| OMB M-02-01 | Guidance for Preparing and Submitting Security Plans of Action and Milestones | Oct 17, 2001 |
| OMB M-04-25 | FY04 Reporting Instructions for the Federal Information Security Management Act (FISMA) | Aug 23, 2004 |
| OMB M-05-04 | Policies for Federal Agency Public Websites | Dec 17, 2004 |
| OMB M-06-16 | Protection of Sensitive Agency Information | Jun 23, 2006 |
| OMB M-06-19 | Reporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments | Jul 12, 2006 |
| OMB M-07-11 | Implementation of Commonly Accepted Security Configurations for Windows Operating Systems | Mar 22, 2007 |
| OMB M-07-18 | Ensuring New Acquisitions Include Common Security Configurations | Jun 1, 2007 |
| OMB M-99-18 | Privacy Policies on Federal Web Sites | Jun 2, 1999 |
| OMB Circulars | Link to OMB Web Site OMB - Circulars in Numerical Sequence | Various |
| Public Law | ||
| FISMA Act of 2002 | Federal Information Management Act (FISMA) of 2002 | Various |
| FISMA Implementation Project | Promote development of standards and guidelines to support the Federal Information Security Management Act | Various |
| FISMA FY04 Report to Congress | Summary of government-wide performance in information technology management, analysis of government-wide weaknesses in information technology security, plan of action to improve information technology security performance. | Mar 1, 2005 |
| Public Law 93-579 | Privacy Act of 1974 | May 2002 |
| Public Law 100-235 | Computer Security Act of 1987 | Jan 8, 1988 |
| Public Law 106-344 | Title 10. Armed Forces - Subtitle A. General Military Law - Part IV. Service, Supply, and Procurement - Chapter 131. Planning and Coordination | Oct 20, 2000 |
| Department of Defense (DoD) Level Policy References | ||
| DoD Instructions 8552.01 (.gov/.mil restricted) | Use of Mobile Code Technologies in DoD Information Systems | Oct 23, 2006 |
| DoD Policy Memorandum (.gov/.mil restricted) | Mobile Code Technologies and Risk Category Assignments and Use Restrictions | Jan 20, 2006 |
| DoD Internet Practices and Policies | Compliance with DoD Web Site Administration Policy | May 31, 2001 |
| DoD Computer Hard Drive Destruction Procedures | Destruction of DoD Computer Hard Drives Prior to Disposal Memorandum by Deputy Secretary of Defense | Jan 8, 2001 |
| Disposition of Unclassified DoD Computer Hard Drives | Disposition of Unclassified DoD Computer Hard Drives Memorandum by Assistant Secretary of Defense | Jun 4, 2001 |
| DoD DAR and TPM Decree | Signed DoD Memorandum - Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media | Jul 03, 2007 |
| DoD Policy Memorandum - FAQ | Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media Memo | Mar 19, 2008 |
| DoD Guidance on (PII) | DoD Memorandum - Provides guidance on protecting personally identifiable information responsive to recent OMB guidance (references (a) and (b) in the memorandum). | Aug 18, 2006 |
| DoD Issuances | Official DoD Web Site for DoD Issuances: (Search DoD Directives, Instructions, Publications, Administrative Instructions and Directive Type Memoranda) | Various |
| DISR Online (DoD PKI cert req'd) | DoD IT Standards Registry (DISR) | Various |
| Use of DoD Information Systems | DoD Policy on Use of DoD Information Systems - Standard Consent Banner and User Agreement | May 9, 2008 |
| DoD Quadrennial Defense Review | Defense Strategy: Purpose is to help shape the process of change to provide the United States of America with strong, sound and effective warfighting capabilities in the decades ahead. | Feb 6, 2006 |
| DoD Telework Policy Currently Unavailable | DoD Telework Policy | Undated |
| DoD Telework Guidance Currently Unavailable | DoD Telework Guidance | Undated |
| DoD Web Site Administration | DoD Web Masters Policies and Guidelines | Various |
| DoD Web Site Policies and Procedures | DoD Web Site Administration Policies and Procedures (with amendments) | Jan 11, 2002 |
| IA in the Defense Acquisition Guidebook | IA Section of the Draft Defense Acquisition Guidebook | Jul 9, 2004 |
| National Industrial Security Program Operating Manual (NISPOM) | NISPOM change was signed by the Under Secretary of Defense for Intelligence. | Feb 28, 2006 |
| Open Source Software (OSS) in (DoD) Memorandum | Open Source Software in the Department of Defense (DoD) Memorandum | May 28, 2003 |
| Secretary of Defense Message to DoD | Web site OPSEC Discrepancies | Jan 14, 2003 |
| DoD Instruction 4630.5 | Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS) Certified Current April 23, 2007 | May 5, 2004 |
| DoD Instruction 4630.8 | Procedures for Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS) | Jun 30, 2004 |
| DoDI 5120.4 | Electronic Newspaper Policy | May 29, 1996 |
| DoDD 5144.1 | Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer (ASD(NII)/DoD CIO) Directive Cancels DoD Directive 5137.1, "Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (ASD(C3I))" February 12, 1992 | May 02, 2005 |
| DoDD 5200.01 | DoD Information Security Program and Protection of Sensitive Compartmented Information | October 9, 2008 |
| DoD 5200.1-R | Information Security Program | Jan 1997 |
| DoDD 5200.2 | DoD Personnel Security Program. | Apr 9, 1999 |
| DoDD 5210.50 | Unauthorized Disclosure of Classified Information to the Public. | Jul 28, 2005 |
| DoDD 5215.1 | DoD Computer Security Evaluation Center. | Oct 25, 1982 |
| DoD 5220.22-M | National Industrial Security Program Operating Manual | Feb 28, 2006 |
| DoDD 5230.09 | Clearance of DoD Information for Public Release. | Aug 22, 2008 |
| DoDI 5230.29 | Security and Policy Review of DoD Information for Public Release. | Jan 8, 2009 |
| DoDD 8000.01 | Global Information Grid Overarching Policy Certified Current June 22, 2009 | Feb 10, 2009 |
| DoDD 8100.02 | DoD Directive 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) Certified Current April 23, 2007 | Apr 14, 2004 |
| DoDI 8100.3 | DoD Instruction 8100.3, Department of Defense (DoD) Voice Networks. This Instruction implements Section 353 of Public Law 107-314 and DoD Directive 8000.01. | Jan 16, 2004 |
| DoDI 8110.1 | Multi-National Information Sharing Networks Implementation. This Instruction implements policy under DoD Directive 8000.01. | Feb 6, 2004 |
| DoDD 8115.1 | Information Technology Portfolio Management | Oct 10, 2005 |
| DoDD 8500 Tutorial (.gov & .mil only) | DoD Information Assurance (IA) Policy and Implementation. | Nov 21, 2003 |
| DoDD 8500.01E | Information Assurance (IA) Certified Current April 23, 2007 | Oct 24, 2002 |
| DoDD 8500.1 FAQ's (.gov & .mil only) | Frequently asked questions: DoD Directive 8500.1. | Jan 21, 2003 |
| DoDI 8500.2 | DoD Instruction 8500.2, Information Assurance (IA) Implementation. | Feb 6, 2003 |
| DoDI 8500.2 FAQ's (.gov & .mil only) | Frequently asked questions: DoD Instruction 8500.2. | Mar 20, 2003 |
| DoDD O 8530.1 | Computer Network Defense (CND) Directive | Jan 8, 2001 |
| DoDI O 8530.2 (DoD PKI cert req'd) | Support to Computer Network Defense (CND) | Mar 9, 2001 |
| DoD O 8530.1-M (DoD PKI cert req'd) | Computer Network Defense (CND) Service Provider Certification and Accreditation Process | Dec 17, 2003 |
| DoD Instruction 8551.1 | Ports, Protocols, and Services Management (PPSM) | Aug 13, 2004 |
| DoD Directive 8570.01 | Information Assurance Training, Certification, and Workforce Management Certified Current April 23, 2007 | Aug 15, 2004 |
| DoD 8570.01-M | Information Assurance Training, Certification, and Workforce Program Manual | Dec 19, 2005 |
| DoDD 8570 FAQ | DoD Directive 8570 Information Assurance Training, Certification, and Workforce Management FAQ | Dec 21, 2006 |
| DoDI 8580.1 | Information Assurance (IA) in the Defense Acquisition System | Jul 9, 2004 |
| DoDI 8580.1 FAQ's | Frequently Asked Questions: DoDI 8580.1 | Aug 5, 2004 |
| DoDD 8581.1 | Information Assurance (IA) Policy for Space Systems Used by the Department of Defense | Jun 21, 2005 |
| DoDD 8581.1E FAQs | Information Assurance (IA) Policy for Space Systems Used by the Department of Defense FAQs | Sep 7, 2005 |
| Chairman of the Joint Chiefs of Staff | ||
| Computer Network Defense CJCSM 3150.07A | Joint Reporting Structure Communications Status | Apr 19, 2001 |
| IA Annex to C4 Campaign plan (DoD PKI cert req'd) | Systems Directorate (J-6) for the Joint Command, Control, Communications and Computer (C4). | Feb 2005 |
| CJCSI_6211.02C | Defense Information System Network (DISN): Policy and Responsibilities | Jul 9, 2008 |
| CJCSI 6212.01D | Interoperability and Supportability of Information Technology and National Security Systems Certified Current Mar 14, 2007 | Mar 8, 2006 |
| CJCSI 6510.01 | Information Assurance (IA) and Computer Network Defense (CND). (Restricted Release, you must contact the listed OPR for access) | Aug 14, 2006 |
| CJCSI_6510.01E | Information Assurance (IA) and Computer Network Defense (CND). | Aug 15, 2007 |
| CJCSM_6510.01 | Information Assurance (IA) and Computer Network Defense (CND) Volume 1 (Incident Handling Program) | Jun 24, 2009 |
| Joint Electronic Library | Joint Doctrine, Education and Training Resources. | Various |
| National Security Agency | ||
| NSA Security Guides | National Security Agency Security Guides | Various |
| Department of the Army | ||
| AR 12-7 | Security Assistance Teams | Jun 15, 1998 |
| AR 12-12 | Processing Discrepancy Reports Against Foreign Military Sales Shipments | Dec 17, 1991 |
| AR 25-1 | The Army Information Resources Management Program | Jul 15, 2005 |
| AR 25-2 | Information Assurance | Oct 24, 2007 |
| AR 70-1 | Army Acquisition Policy | Dec 31, 2003 |
| AR 380-5 | Department of the Army Information Security Program | Sep 29, 2000 |
| AR 380-6 | Laser Guidance System Security Classification Guide | Dec 1, 1983 |
| AR 380-10 | Foreign Disclosure, Technology Transfer, and Contacts with Foreign Representatives | Jun 22, 2005 |
| AR 380-13 | Acquisition and Storage of Information Concerning Non-affiliated Persons and Organizations | Sep 30, 1974 |
| AR 380-49 | Industrial Security Program | Apr 15, 1982 |
| AR 380-53 | Information Systems Security Monitoring | Apr 29, 1998 |
| AR 380-58 | Security Classification of Airborne Sensor Imagery and Imaging Systems | Feb 28, 1991 |
| AR 380-67 | The Department of Army Personnel Security Program | Sep 9, 1988 |
| AR 380-86 | Classification of Former Chemical Warfare, Chemical and Biological Defense, and Nuclear, Biological, Chemical Contamination Survivability Information | Jun 22, 2005 |
| AR 380-381 | Special Access Programs (SAPS) | Apr 21, 2004 |
| INFOSEC Documents Library 12 Series | Security Assistance and International Logistics | Various |
| INFOSEC Documents Library 380 Series | Security | Various |
| Department of the Navy | ||
| Department of the Navy Memorandum | Navy DON CIO Policy and Guidance | Various |
| Department of Navy Issuances | Department of Navy Issuances | Various |
| INFOSEC Documents Library (DoD PKI cert req'd) | | Various |
| Department of the Air Force | ||
| Air Force Electronic Publications | | Various |
| Marine Corps | ||
| Orders and Directives | Listing of Orders and Directives: Misc Pubs | Mar 28, 1990 |
| IRM5239-06 | Data Access Security | Mar 28, 1990 |
| IRM5239-08-A | Computer Security Procedures | May 3, 1995 |
| IRM5239-09 | Contingency Planning | Jul 5, 1989 |
| IRM5239-10 W/CH 1 | Small Computer Systems Security | May 23, 1990 |
| IRM5239-13 W/ERRATUM | System Security Plans | Apr 30, 1991 |
| MCO5239.2 | Marine Corps Information Assurance Program (MCIAP) | Nov 18, 2002 |
| MCO5271.1A | INFORMATION RESOURCES MANAGEMENT (IRM) STANDARDS AND GUIDELINES PROGRAM | Jun 10, 1993 |
| USMC References | Library of Reference Documents | Various |
| Defense Information Systems Agency | ||
| DISAI 630-230-19 DISA Employees Only | Automated Data Processing - Information Assurance (IA) | Mar 2, 2007 |
| DISA Publications | DISA Publications Page | Undated |
| Defense Switched Network (DSN) | The Defense Switched Network (DSN) Page | Various |
| DSN IA Information | The Defense Switched Network (DSN) | Various |
| DSN IA Policy | The Defense Switched Network (DSN) IA Documents | Various |
| DoD IT Standards Registry Online (DoD PKI cert req'd) | DoD IT Standards Registry (DISR) | Various |
| Government Accountability Office (GAO) | ||
| GAO-01-227 | Advances & Challenges to Adoption of PKI: This report provides an assessment of the issues and challenges the government faces in adopting PKI. | Feb 2001 |
| GAO-01-822 | Combating Terrorism: Selected challenges and related recommendations. | Sep 2001 |
| GAO-04-375 | Information Technology Major Federal Networks That Support Homeland Security Functions | Sep 2004 |
| Management Planning Guide for ISSA | Management Planning Guide for Information Systems Security Auditing | Dec 10, 2001 |
| AIMD-00-140 | Information Security: Vulnerabilities in DOE's Systems for Unclassified Civilian Research | Jun 2000 |
| AIMD-00-188R | Information Security: Software Change Controls at the Department of Defense | Jun 30, 2000 |
| AIMD-00-192R | Information Security: Software Change Controls at the Department of Labor | Jun 30, 2000 |
| AIMD-00-193R | Information Security: Software Change Controls at the Department of Transportation | Jun 30, 2000 |
| AIMD-00-199R | Information Security: Software Change Controls at the Department of State | Jun 30, 2000 |
| AIMD-00-200R | Information Security: Software Change Controls at the Department of the Treasury | Jun 30, 2000 |
| AIMD-00-215 | Information Security: Fundamental Weaknesses Place EPA Data and Operations at Risk | Jul 2000 |
| AIMD-00-295 | Information Security: Serious and Widespread Weaknesses Persist at Federal Agencies | Sep 2000 |
| AIMD-96-84 | Computer Attacks at the Department of Defense Pose Increasing Risks | May 1996 |
| AIMD-99-107 | Information Security: Serious Weaknesses Continue to Place Defense Operations at Risk | Aug 1999 |
| GAO-01-113T | Comparison of Federal Agency Practices With FTC's Fair Information Principles | Oct 11, 2000 |
| GAO-01-147R | Internet Privacy: Federal Agency Use of Cookies | Oct 20, 2000 |
| GAO-01-263 | High Risk Series: An Update | Jan 2001 |
| GAO-02-407 | Information Security: Additional Actions Needed to Fully Implement Reform Legislation. | May 2002 |
| GAO-04-467 | Information Security - Technologies to Secure Federal Systems | Mar 2004 |
| GGD-00-191 | Internet Privacy: Agencies' Efforts to Implement OMB's Privacy Policy | Sep 2000 |
| T-AIMD-00-229 | Critical Infrastructure Protection: Comments on the Proposed Cyber Security Information Act of 2000 | Jun 22, 2000 |
| T-AIMD-00-314 | Computer Security: Critical Federal Operations and Assets Remain at Risk | Sep 11, 2000 |
| T-AIMD-00-321 | VA Information Technology: Progress Continues Although Vulnerabilities Remain | Sep 11, 2000 |
| T-AIMD-00-330 | FAA Computer Security: Actions Needed to Address Critical Weaknesses That Jeopardize Aviation Operations | Sep 27, 2000 |
| T-RCED-00-225 | Nuclear Security: Information on DOE's Requirements for Protecting and Controlling Classified Documents | Jun 27, 2000 |
| National Institute of Standards and Technology (NIST) | ||
| FIPS Publications | Federal Information Processing Standards Publications | Various |
| NISTIR 7100 | PDA Forensics Tools: An Overview and Analysis | Aug 2004 |
| NIST Draft WIN2K Pro SA Guidance | NIST Draft System Administration Guidance for Windows 2000 Professional Available for comments. | Nov 19, 2002 |
| NIST Library | NIST Computer Security Resource Center (CSRC) | Various |
| NIST Special Pub 800-23 | Guidelines to Federal Organization on Security Assurance and Acquisition/Use of Tested/Evaluated Products | Aug 2000 |
| NIST Special Pub 800-34 | Contingency Planning Guide for Information Technology Systems | Jun 2002 |
| NIST Special Pub 800-37 | Guide for the Security Certification and Accreditation of Federal Information Systems | May 2004 |
| NIST Special Pub 800-41 | Guidelines on Firewall and Firewall Policy | |
| NIST Special Pub 800-42 | Guideline on Network Security Testing | Oct 2003 |
| NIST Special Pub 800-44 | Guidelines on Securing Public Web Servers | Sep 2002 |
| NIST Special Pub 800-53 | Recommended Security Controls for Federal Information Systems (Including errata updates through 05-04-2005) | Feb 2005 |
| NIST Special Pub 800-72 | Guidelines on PDA Forensics | Nov 2004 |
| NIST Special Pub 800-79 | Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations | July 2005 |
| Proposed E-Authentication Policy | The General Services Administration, in coordination with OMB, has published a proposed E-Authentication policy for public comment. | Jun 11, 2003 |
| XCCDF | eXtensible Configuration Checklist Description Format | Various |
| Committee on National Security Systems (CNSS) | ||
| CNSS Library Files | The Committee on National Security Systems (CNSS) | Various |
| Index of National Security Systems Issuances | List of current governance | Sep 2004 |
| Strategic Command Directives (STRATCOM) | ||
| STRATCOM Directive 527-1 (INFOCON) (DoD PKI cert req'd) | | Jan 27, 2006 |

Listed by Category:

| Document | Description | Last Modified |
|---|---|---|
| Acquisition | ||
| DoD Directive 5000.1 | The Defense Acquisition System Certified Current Nov 24, 2003 | May 12, 2003 |
| DoD Instruction 5000.2 | Operation of the Defense Acquisition System | May 12, 2003 |
| DoD Instruction 8580.1 | Information Assurance (IA) in the Defense Acquisition System | Jul 9, 2004 |
| FAQs for 8580.1 | Frequently Asked Questions: DoDI 8580.1 | Aug 5, 2004 |
| IA in the Defense Acquisition Guidebook | IA Section of the Draft Defense Acquisition Guidebook | Jul 9, 2004 |
| Trusted Products | | Various |
| Computer Network Defense | ||
| CJCSM 3150.07A | Joint Reporting Structure Communications Status | April 19, 2001 |
| CJCSI_6211.02C | Defense Information System Network (DISN): Policy and Responsibilities | Jul 9, 2008 |
| CJCSI_6510.01E | Information Assurance (IA) and Computer Network Defense (CND). | Aug 15, 2007 |
| CJCSM_6510.01 | Information Assurance (IA) and Computer Network Defense (CND) Volume 1 (Incident Handling Program) | Jun 24, 2009 |
| CND Matrix (DoD PKI cert req'd) | Matrix for obtaining computer data in criminal and counterintelligence investigations. | May 26, 2009 |
| CNDSP In-Brief Template (DoD PKI cert req'd) | CNDSP In-Brief Template | None listed |
| CNDSP Out-Brief Template (DoD PKI cert req'd) | CNDSP Out-Brief Template | Feb 19, 2004 |
| CNDSP SOP (DoD PKI cert req'd) | CNDSP C&A Evaluator Standard Operating Procedure Draft: Certification and Accreditation of CND service providers. | March 4, 2004 |
| CND Service Designation Checklist (DoD PKI cert req'd) | Serves as a tool by which a DoD component can identify the CND service provider supporting their component. | Jul 5, 2006 |
| Computer Security Enhancement Act of 2001 | Computer Security Enhancement Act | Nov 28, 2001 |
| INFOCON Signature Page (DoD PKI cert req'd) | Information Operations Condition | Mar 10, 1999 |
| INFOCON Enclosure (DoD PKI cert req'd) | Recommends actions to uniformly heighten or reduce defensive posture. | None listed |
| DoDD 5200.1-R | Information Security Program | Jan 17 1997 |
| DoDD 5200.2-R | Personnel Security Program | Jan 1987 |
| DoDD 3020.26 | Defense Continuity Program (DCP) Certified Current January 1, 2007 | Sep 8, 2004 |
| DoDD 3020.40 | Defense Critical Infrastructure Program (DCIP) | Aug 19, 2005 |
| DoDD 4640.6 | Communications Security Telephone Monitoring and recording | Jun 26 1981 |
| DoDI 5215.2 | Computer Security Technical Vulnerability Reporting Program (CSTVRP) | Sep 2, 1986 |
| DoDD O-8530.1 (DoD PKI cert req'd) | Computer Network Defense (CND) Directive. | Jan 08, 2001 |
| DoD O-8530.1-M (DoD PKI cert req'd) | CND Service Provider certification and accreditation process program manual. | Dec 17, 2003 |
| DoDI O-8530.2 (DoD PKI cert req'd) | Support to Computer Network Defense (CND) | Mar 9, 2001 |
| ESM (DoD PKI cert req'd) | Evaluator's Scoring Metrics: Please check link for latest version | None listed |
| ESM V5.0 (DoD PKI cert req'd) | Evaluator's Scoring Metrics Version 5.0 | Jan 16, 2006 |
| ESM V6.0 (DoD PKI cert req'd) | Evaluator's Scoring Metrics Version 6.0 | Oct 2, 2006 |
| ESM V7.0 - Valid in 2008 (DoD PKI cert req'd) | Evaluator's Scoring Metrics Version 7.0 | Oct 22, 2007 |
| ESM Outbrief (DoD PKI cert req'd) | ESM Score Table Graph for Outbrief | None listed |
| CND Response Actions Memo (DoD PKI cert req'd) | Guidance for Computer Network Defense Response Actions | Feb 26, 2003 |
| IAVA Process Handbook (DoD PKI cert req'd) | DISA IAVM Process Handbook | Feb 14, 2007 |
| MOA Between CND Service Provider and CND Service Subscriber (DoD PKI cert req'd) | DISA MOA addresses responsibilities of each party in regards to Support to CND, DoD Instruction O-8530.2 | Undated |
| NIST SP 800-26 | Self-Assessment Guide for Information Technology Systems | Nov 2001 |
| NSTISSP | National Information Assurance (IA) Policy for U.S. Space Systems | Undated |
| NSTISSI 1000 | National Information Assurance Certification and Accreditation Process (NIACAP) | Apr 2000 |
| OMB Circular A-130 | Management of Federal Information Systems | Feb 8, 1996 |
| WLAN Supplemental Policy Memo (DoD PKI cert req'd) | Supplemental Policy on Wireless LAN. | Jun 2, 1996 |
| DIACAP/DITSCAP | ||
| DoDI 8510.01 | Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Instruction. This DoD Instruction replaces existing DITSCAP guidance under DoDI 5200.40 and DoD 8510.1-M. | Nov 28, 2007 |
| DoD Directive 8910.1-M | DoD Procedures For Management Of Information Requirements | Jun 30, 1998 |
| CNSS Instruction No. 4009 | National Information Assurance (IA) Glossary | Jun 2006 |
| OMB A130 Transmittal Number 4 | Management of Federal Information Resources | Various |
| Subsection 552a of title 5, United States Code | Subsection 552a of title 5, United States Code | Jan 2, 2006 |
| Emerging Policy and Guidance | ||
| Davis Introduces Government Network Security Act of 2003 | Introduction and News release for the Government Network Security Act 2003 | Sep 24, 2003 |
| Government Regulations Feedback Web site | Web site where the public can comment on regulations | Various |
| Government Network Security Act 2003 | H.R. 3159 Government Network Security Act 2003 | Sep 24, 2003 |
| Fact Sheet for Government Security Act 2003 | Fact Sheet for H.R. 3159 Government Network Security Act 2003 | Sep 25, 2003 |
| Enterprise Architecture | ||
| DoD IT Standards Registry (DISR online) | Formerly DoD Joint Technical Architecture | Various |
| Enterprise Architecture Congruence | Early versions of the Department of Defense (DoD) Enterprise Architecture (EA) Reference Models (RM)s | Various |
| GAO-04-777 | Homeland Security Efforts Under Way to Develop Enterprise Architecture, but Much Work Remains | Aug 2004 |
| Government CIO site | CIO Council site | Various |
| Navy EA site (account required) | VPO site | Various |
| FISMA | ||
| FISMA Official Wiki | Attention: Use the FISMA Official Wiki for all related information and documentation | Various |
| Global Information Grid | ||
| Global Information Grid Enterprise Services (GIG ES): Core Enterprise Services (CES) Implementation | This memorandum provides guidance for existing and future acquisition programs to implement the plans for Global Information Grid Enterprise Services (GIG ES). | Nov 12, 2003 |
| DoD Directive 8100.02 | Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) Certified Current April 23, 2007 | Apr 14, 2004 |
| DoD Directive 8000.01 | Global Information Grid (GIG) Overarching Policy Certified Current June 22, 2009 | Feb 10, 2009 |
| Assistant Secretary of Defense Global Information Grid Memo | | Sep 22, 1999 |
| Chief Information Officer (CIO) Memorandum 6-8510 document being superseded by 8500.01E | DoD Chief Information Officer Guidance and Policy Memorandum No. 6-8510 "Department of Defense Global Information Grid Information Assurance", 16 June 2000. | Various |
| DoD CIO G&PM DoD GIG Computing | DoD Chief Information Officer (CIO) Guidance and Policy Memorandum (G&PM) No. 11-8450, Department of Defense (DoD) Global Information Grid (GIG) Computing | Apr 6, 2001 |
| IA Strategy | ||
| DASD CIIA Strategy | Deputy Assistant Secretary of Defense for Cyber, Identity, and Information Assurance Strategy | Aug 2009 |
| Mission: Possible, Security to the Edge (full version) | Document discussing the importance of protecting the Global Information Grid (GIG). Full version. | Aug 2005 |
| Mission: Possible, Security to the Edge (powerpoint version) | Document discussing the importance of protecting the Global Information Grid (GIG). Powerpoint version. | Aug 2005 |
| Mission: Possible, Security to the Edge (trifold version) | Document discussing the importance of protecting the Global Information Grid (GIG). Brochure version. | Aug 2005 |
| Mission: Possible, Security to the Edge (single-gate version) | Document discussing the importance of protecting the Global Information Grid (GIG). Single-gate version. | Aug 2005 |
| DoD IA Strategic Plan Version 1.1 | This document provides information regarding protecting information, defending systems and networks, providing IA situational awareness, transforming and enabling IA capabilities and creating an IA empowered workforce | Jan 2004 |
| Federal Computer Security Report Card | Evaluation of Information Assurance for each Government Agency | Mar 16, 2006 |
| The National Strategy to Secure Cyberspace | Strategy to secure Cyberspace signed by the President | Feb 2003 |
| Common Criteria | ||
| Common Criteria Protection Files | Common Criteria Protection Files | Various |
| NIAP Guidance Documents | NIAP Guidance Documents | Various |
| NSTISSAM COMPUSEC 1-99 | Advisory Memorandum on the Transition from the Trusted Computer System Evaluation Criteria to the International Common Criteria for Information Technology Security Evaluation | Mar 11, 1999 |
| NSA Certified Products | Trusted Product Evaluation Program, Commercial Product Evaluations | Various |
| NIST Special Publication 800-23 | Guideline to Federal Organization on Acquisition/Use of Tested/Evaluated Products | Aug 2000 |
| NSTISSP No. 11 Frequently Asked Questions | Frequently Asked Questions of the IA vendor community on complying with the National IA Acquisition Policy. | Various |
| NSTISSP No. 11 | NSTISSP No. 11, Revised Fact Sheet National Information Assurance Acquisition Policy | Jul 2003 |
| The Rainbow Series | Rainbow Series Library | Various |
| Validated Products | NIAP Validated Products List | Various |
| Information Security Oversight Office | ||
| Information Security Oversight Office Homepage | The Information Security Oversight Office (ISOO) is responsible to the President for policy oversight of the Government-wide security classification system and the National Industrial Security Program. | Various |
| ISOO Policies | Information Security Oversight Office Policy Documents | Various |
| Marking Classified National Security Information | Executive Order 12958, as amended, and ISOO Implementing Directive No. 1 prescribe a uniform security classification system. This system requires that standard markings be applied to classified information. | Sep 22, 2003 |
| National Industrial Security Program (NISP) "The National Industrial Security Program Operating Manual Chapter 8 is not a substitute for DIACAP where certifying and accrediting information systems that process DoD information". | ||
| DoD 5220.22-M-SUP | National Industrial Security Program Operating Manual Supplement | Feb 1995 |
| DoD Directive 5220.22 | National Industrial Security Program September 24, 2004; Certified Current as of December 1, 2006 | Dec 1, 2006 |
| DoD 5220.22-M | National Industrial Security Program Operating Manual | Feb 2006 |
| Net Centricity | ||
| CJCSI 6212.01D | Interoperability and Supportability of Information Technology and National Security Systems Certified Current Mar 14, 2007 | Mar 8, 2006 |
| DoD Discovery Metadata Standard (DDMS) | A basis for organizations to begin planning, transitioning, and implementing metadata tagging initiatives that support the Department's goal of increased data visibility and Enterprise Discovery | Jul 29, 2005 |
| DoD Net-Centric Data Strategy | DoD CIO Memo | May 9, 2003 |
| DoD Instruction 4630.5 | Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS) Certified Current April 23, 2007 | May 5, 2004 |
| DoD Instruction 4630.8 | Procedures for Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS) | Jun 30, 2004 |
| DoD Directive 8320.02 | Data Sharing in a Net-Centric Department of Defense Certified Current April 23, 2007 | Dec 2, 2004 |
| DoD IT Standards Registry (DISR online) (Formerly DoD Joint Technical Architecture) | DoD IT Standards Registry (DISR) | Various |
| GIG NCOW | Enabling Transformation Achieving Net-Centric Operations and War fighting briefing | None listed |
| Freedom Of Information Act/Privacy Act | The goal of the NSA/CSS Freedom Of Information Act/Privacy Act Office is to release as much information as possible, consistent with the need to protect information under the exemption provisions of these laws. | Various |
| GIG NCES | GIG Enterprise Services web site | Various |
| Information Technology Portfolio Management | DoD Deputy Secretary of Defense Memo | Mar 22, 2004 |
| Net-Centric Checklist | The purpose of the Net-Centric Checklist is to assist program managers in understanding the net-centric attributes that their programs need to implement to move into the net-centric environment as part of a service-oriented architecture in the Global Information Grid | May 12, 2004 |
| Net-Centric Data Strategy | DoD Net-Centric Web site | Various |
| Network Centric Options | Office of Force Transformation Briefing - Net Centric Operations - The Power of Information Age Concepts and Technologies | Various |
| OSD Plans to use New 'Net-Centric Checklist' | Article from Inside The Pentagon: OSD Plans to use New 'Net-Centric Checklist' During Program Reviews | Jul 8, 2004 |
| Peer-to-Peer (P2P) | ||
| ASD P2P Memo | Use of Peer-to-Peer file sharing applications across DoD (DoD PKI cert req'd) | Nov 23, 2004 |
| Ports and Protocols | ||
| DoD Directive 8500.01E | Information Assurance Certified Current April 23, 2007 | Oct 24, 2002 |
| DoD Instruction 8500.2 | Information Assurance Implementation | Feb 6, 2003 |
| DoD Instruction 8551.1 | Ports, Protocols, and Services Management (PPSM) | Aug 13, 2004 |
| DoD Ports, Protocols and Services Security Technical Guidance | ASD NII / DoD CIO memo on upcoming Ports and Protocols guidance | Nov 5, 2002 |
| Firewall Guidance | A set of coordinated minimum firewall architectural and configuration 'best practices' as guidance for use on the NIPRNet by combatant commands, military services, and DoD agencies (C/S/As) in support of the Defense-in-Depth strategy | Sep 25, 2002 |
| JTF-GNO PNP Update Message | JTF-GNO Update on DoD, Ports and Protocol Program | Mar 14, 2003 |
| Listing of well known port numbers and associated services | Assigned Internet Protocol Numbers | Apr 7, 2005 |
| Listing of well known Transport Layer protocols | A listing of the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports. | Oct 18, 2004 |
| Privacy | ||
| Defense Privacy Office | Defense Privacy Office - multiple policy links | Various |
| E.O.13103 | Computer Software Piracy | Sep 30, 1998 |
| OMB M-99-18 | Memorandum for the Heads of Executive Departments and Agencies: Privacy Policies on Federal Web Sites | Jun 2, 1999 |
| OMB M-00-13 | OMB Privacy Policies and Data Collection on Federal Web Sites | Jun 22, 2000 |
| OMB M-01-05 | Guidance on Inter-Agency Sharing of Personal Data-Protecting Personal Privacy | Dec 20, 2000 |
| OMB M-07-17 | Safeguarding Against and Responding to the Breach of Personally Identifiable Information | May 22, 2007 |
| OSD 15041-07 | DoD Policy Memo: Safeguarding Against and Responding to the Breach of Personally Identifiable Information | Sep 21, 2007 |
| PII Signed Memo | DoD Memorandum - Provides guidance on protecting personally identifiable information responsive to recent OMB guidance (references (a) and (b) in the memorandum). | Aug 18, 2006 |
| Platform for Privacy Preferences Project | W3C Policy for Privacy Preferences Project | Various |
| Privacy Law | Lawmakers Roll Out Another Privacy Bill | Jan 20, 2001 |
| Privacy Policies and Data Collection on Federal Web Sites Clarification | Office of Management and Budget Privacy Policy Clarification | Sep 5, 2000 |
| Privacy Policies and Data Collection on DoD Public Web Sites | Assistant Secretary of Defense Memorandum | Jul 13, 2000 |
| Public Law 93-579 | Privacy Act of 1974 | May 2004 |
| Safeguarding Privacy in the Fight against Terrorism | Report of the Technology and Privacy Advisory Committee | Mar 2004 |
| Public Key Infrastructure (PKI) | ||
| Assignment of Program Office Responsibilities | Assignment of Program Office Responsibilities for the Department of Defense Public Key Infrastructure (PKI) | Apr 9, 1999 |
| Cryptographic Modernization (DoD PKI cert req'd) | Cryptographic Modernization Program Office Web Site | Various |
| DoD X.509 Certificate Policy v10.0 | DoD X.509 Certificate Policy Version 10.0 | Mar 2, 2009 |
| DoD Key Recovery Policy Version 3.0 | DoD Key Recovery Policy Version 3.0 | Aug 31, 2003 |
| DoD PKI PK-enabling Instruction 8520.2 | Public Key Infrastructure PK enabling Instruction | Apr 1, 2004 |
| DoD PKI Road Map | Defines how we move from current implementations to final Target Architecture | Dec 18, 2000 |
| HSPD-12 | Policy for a Common Identification Standard for Federal Employees and Contractors. | Aug 27, 2004 |
| Security Configuration Guidelines | ||
| DISA Security Configuration Guides | DISA FSO Security Configuration Guidelines | Various |
| DoD Mobile Code Guides | Current List of DoD Mobile Code Guidance | Various |
| NSA Security Recommendation Guides | NSA Security Configuration Guides Library | Various |
| System Security Engineering Capability Maturity Model | The SSE-CMM describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering | Jun 15, 2003 |
| Tools | ||
| NSA Media Destruction Guidance | NSA Media Destruction Guidance is available for those who need to sanitize, destroy or dispose of media containing sensitive or classified information. | Various |
| Web Policy | ||
| S508-001 Memo | DoD Memorandum: Accessibility of DoD Web Sites to People with Disabilities | Jul 21, 2000 |
| Air Force Web Guidance | Links to the Air Force Web Policy and Guidance | Undated |
| Army Web Guidance | Guidance for Management of Publicly Accessible U.S. Army Web sites | Nov 07, 2006 |
| Audit Report D-2001-130 | DoD Internet Practices and Policies - Office of the Inspector General Department of Defense | May 31, 2001 |
| Compliance with DoD Web Site Administration Policy | Assistant Secretary of Defense Memorandum | May 31, 2001 |
| Correction of DoD Web Site Administration Policy | Amendment and Corrections to Web Site Administration Policies & Procedures - Updated 11 January 2002 | Jan 11, 2002 |
| DISA Web Policy (.gov & .mil only) | DISA Web Policy Handbook | Various |
| DoD 5200.1-PH | DoD Guide to Marking Classified Documents | Apr 1997 |
| DoDI 5120.4 | Electronic Newspaper Policy | May 29, 1996 |
| DoDD 5230.9 | Clearance of DoD Information for Public Release | Nov 21, 2003 |
| DoDI 5230.29 | Security and Policy Review of DoD Information for Public Release | Aug 6, 1999 |
| DoD Web Policies | This web page provides information on DoD Web Policies and Guidelines | Oct 13, 2006 |
| DoD Webmasters List FAQ | DoD Webmasters List of Frequently Asked Questions for the Web | Apr 25, 2006 |
| DoD Web Site Policies and Procedures | DoD Web Site Administration Policies and Procedures (with amendments marked in red) | Jan 11, 2002 |
| DoD Web Site Administration Policy and Procedures | Clearance Procedures for making Electronic Information Available to the Public | Nov 25, 1998 |
| Information Vulnerability | DoD Memorandum on Information Vulnerability and the World Wide Web | Sep 24, 1998 |
| M-05-04 | Policies for Federal Agency Public Web sites | Dec 17, 2004 |
| Memorandum 99-18 | Privacy Policies on Federal Web Sites | Jun 2, 1999 |
| Memorandum 00-13 | Privacy Policies and Data Collection of Federal Web Sites | Jun 22, 2000 |
| Privacy Policies and Data Collection | Privacy Policies and Data Collection on DoD Public Web Sites | Jul 13, 2000 |
| Navy Web Guidance | Department of the Navy Policy for Content of Publicly Accessible World Wide Web Sites | Jul 1, 1999 |
| Removal of Personally Identifying Information | OASD Memorandum, Removal of Personally Identifying Information of DoD Personnel from Unclassified Web Sites | Dec 28, 2001 |
| SECNAV Instruction 5720.47 Part A Part B | Department of the Navy Policy for Content Publicly Accessible World Wide Web sites | Oct 24, 2003 Dec 28, 2005 |
| Secretary of Defense Message to DoD | Web site OPSEC Discrepancies | Jan 14, 2003 |
| Windows 2000 | ||
| DoD Deployment of WIN2K Update | Windows 2000 Guidance Update | Apr 6, 2001 |
| WIN 2K Pro SA Guidance | NIST draft publication - available for comments. Windows 2000 Pro System Administrator Guidance | Nov 11, 2000 |
| Windows 2000 Guides | NSA Microsoft Windows 2000 Security Recommendation Guides | Various |
| Wireless Security | ||
| NIST Wireless Security Guidance SP 800-48 | Examines the benefits and security risks of 802.11 WLAN, Bluetooth Ad Hoc Networks, and PDAs. | Dec 4, 2002 |
| DoDI 8420.01 | Commercial Wireless Local-Area Network (WLAN) Devices, Systems, and Technologies | |
| Pentagon Wireless Security Policy | Pentagon Area Common Information (IT) Wireless Security Policy | Sep 25, 2002 |
| Wireless STIG | Current version of Wireless STIG | Various |
| Wireless Technologies (DoD PKI cert req'd) | Wireless Implementation & Security Briefing | Jun 1, 2004 |