
Executive Orders

Document Description Last Modified

E.O. Library Executive Orders Home Page Various

Federal Register Website Federal Register Website Various

E.O.12333 Executive Order 12333 - United States Intelligence Activities December 4, 1981

E.O.12333 Memo Message from the Director CIA to Employees on Executive Order 12333 July 31, 2008

E.O.13103 Computer Software Piracy September 30, 1998

E.O.13130 National Infrastructure Assurance Council July 14, 1999

E.O.13231 Critical Infrastructure Protection in the Information Age October 16, 2001

E.O.13284 The Establishment of the Department of Homeland Security January 23, 2015

E.O.13354 National Counterterrorism Center August 27, 2004

E.O.13355 Strengthened Management of the Intelligence Community August 27, 2004

E.O.13356 Strengthening the Sharing of Terrorism Information to Protect Americans August 27, 2004

E.O.13587 Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information October 7, 2011

White House
Document Description Last Modified

National Security Strategy Homeland Security May 27, 2010

Congress
Document Description Last Modified

U.S. Congress Congressional Information and Resources Various

Senate
Document Description Last Modified

GISA Government Information Security Act of 2000 May 10, 2000

H.R. 237 Consumer Internet Privacy Enhancement Act January 20, 2001

S-1999 Government Information Security Act of 1999 November 19, 1999

House of Representatives
Document Description Last Modified

H.R. 1259 Computer Security Enhancement Act of 2001 May 28, 2001

H.R. 2281 Digital Millennium Copyright Act (DMCA) October 28, 1998

H.R. 2458-48 Federal Information Security Management Act of 2002 (Title III of E-Gov) None Assigned

Homeland Security
Document Description Last Modified

HSPD-7 Homeland Security Presidential Directive. Subject: Critical Infrastructure Identification, Prioritization, and Protection. December 17, 2003

HSPD-12 Policy for a Common Identification Standard for Federal Employees and Contractors. August 27, 2004

Office of Management and Budget (OMB)


Document Description Last Modified

OMB A-123 Management Accountability and Control June 21, 1995

OMB A-130 Transmittal Number 4 Management of Federal Information Resources November 11, 2000

OMB Bulletins OMB Bulletins Various

OMB Circulars Link to OMB Web Site OMB - Circulars in Numerical Sequence Various

OMB M-00-13 Privacy Policies and Data Collection on Federal Web Sites June 22, 2000

OMB M-01-05 Guidance on Inter-Agency Sharing of Personal Data-Protecting Personal Privacy December 20, 2000

OMB M-01-24 Reporting Instructions for the Government Information Security Reform Act June 22, 2000

OMB M-02-01 Guidance for Preparing and Submitting Security Plans of Action and Milestones October 17, 2001

OMB M-04-25 FY04 Reporting Instructions for the Federal Information Security Management Act (FISMA) August 23, 2004

OMB M-05-04 Policies for Federal Agency Public Websites December 17, 2004

OMB M-06-16 Protection of Sensitive Agency Information June 23, 2006

OMB M-06-19 Reporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments July 12, 2006

OMB M-07-11 Implementation of Commonly Accepted Security Configurations for Windows Operating Systems March 22, 2007

OMB M-07-18 Ensuring New Acquisitions Include Common Security Configurations June 1, 2007

OMB M-15-13 Policy to Require Secure Connections across Federal Websites and Web Services June 8, 2015

OMB M-99-18 Privacy Policies on Federal Web Sites June 2, 1999

OMB Memoranda OMB Memoranda Various

Public Law
Document Description Last Modified

FISMA Act of 2002 Same as H.R. 2458-48 Various

FISMA FY04 Report to Congress Summary of government-wide performance in information technology management, analysis of government-wide weaknesses in information technology security, plan of action to improve information technology security performance. March 1, 2005

Public Law 93-579 Privacy Act of 1974 August 17, 2015

Public Law 100-235 Computer Security Act of 1987 January 8, 1988

Public Law 106-344 Title 10. Armed Forces Subtitle A. General Military Law Part IV. Service, Supply, and Procurement Chapter 131. Planning and Coordination October 20, 2000

Department of Defense (DoD) Level Policy References


Document Description Last Modified

DISR Online (DoD PKI cert req'd) DoD IT Standards Registry (DISR) Various

DoD 5200.1-R DoD 5200.1-R - Information Security Program - has been replaced with DoDM 5200.1 Volumes 1, 2, 3, 4. Search "5200" on the DTIC site. Additionally, see DoD 5200.01 link above. February 24, 2012

DoD 5220.22-M (Volume 3) National Industrial Security Program: Procedures for Government Activities Relating to Foreign Ownership, Control, or Influence (FOCI) April 17, 2014

DoD 8570.01-M Information Assurance Training, Certification, and Workforce Program Manual January 24, 2012

DoD BIOS Protection Guidance DoD CIO Memorandum 8 September 2011 mandates implementation of NIST SP 800-147, "BIOS Protection Guidelines," on DoD Information Systems (IS) September 8, 2011

DoD Commercial Mobile Device (CMD) Interim Policy This memorandum defines interim CMD use policy and establishes responsibilities to increase mission capabilities of CMDs while adhering to DoD security policies. January 17, 2012

DoD Instruction 8551.1 Ports, Protocols, and Services Management (PPSM) May 8, 2014

DoD Issuances Official DoD Web Site for DoD Issuances: (Search DoD Directives, Instructions, Publications, Administrative Instructions and Directive Type Memoranda) Various

DoD O 8530.1-M (DoD PKI cert req'd) Computer Network Defense (CND) Service Provider Certification and Accreditation Process December 17, 2003

DoD OIG Report - Internet Practices and Policies Compliance with DoD Web Site Administration Policy May 31, 2001

DoD Policy Memorandum (DoD PKI cert req'd) Mobile Code Technologies and Risk Category Assignments and Use Restrictions March 14, 2011

DoD Quadrennial Defense Review Defense Strategy: Purpose is to help shape the process of change to provide the United States of America with strong, sound and effective warfighting capabilities in the decades ahead. March 4, 2014

DoD Telework Guidance DoD Telework Guidance April 1, 2011

DoD Telework Policy DoD Telework Policy April 4, 2012

DoD Web Site Administration DoD Web Masters Policies and Guidelines Various

DoDD 5144.02 DoD Chief Information Officer (DoD CIO) November 21, 2014

DoDD 5210.50 Management of Serious Security Incidents Involving Classified Information October 27, 2014

DoDD 5230.09 Clearance of DoD Information for Public Release. August 22, 2008

DoDD 8000.01 Management of the Department of Defense Information Enterprise (DoD IE) March 17, 2016

DoDD 8100.02 DoD Directive 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) Certified Current April 23, 2007 April 14, 2004

DoDD 8115.1 Information Technology Portfolio Management October 10, 2005

DoDD 8140.01 Cyberspace Workforce Management. (DoDD) 8140.01 reissues and renumbers DoDD 8570.1 August 11, 2015

DoDD 8500 Tutorial DoD Information Assurance (IA) Policy and Implementation. November 21, 2003

DoDD 8570 FAQ DoD Directive 8570 Information Assurance Training, Certification, and Workforce Management FAQ June 17, 2009

DoDD 8581.1 Information Assurance (IA) Policy for Space Systems Used by the Department of Defense June 8, 2010

DoDD O 8530.1 (DoD PKI cert req'd) Computer Network Defense (CND) Directive January 8, 2001

DoDI 5120.4 DoD Newspapers, Magazines, Guides and Installation Maps May 29, 1996

DoDI 5200.01 DoD Information Security Program and Protection of Sensitive Compartmented Information April 21, 2016

DoDI 5200.02 DoD Personnel Security Program. March 21, 2014

DoDI 5230.29 Security and Policy Review of DoD Information for Public Release. August 13, 2014

DoDI 8100.4 DoD Unified Capabilities (UC) December 9, 2010

DoDI 8110.1 Multi-National Information Sharing Networks Implementation. This Instruction implements policy under DoD Directive 8000.01. November 25, 2014

DoDI 8115.02 Information Technology Portfolio Management Implementation October 30, 2006

DoDI 8330.01 Interoperability of Information Technology (IT), Including National Security Systems (NSS) May 21, 2014

DoDI 8500.01 Cybersecurity March 14, 2014

DODI 8510.01 Risk Management Framework (RMF) for DoD Information Technology March 12, 2014

DoDI 8520.02 Public Key Infrastructure (PKI) and Public Key Enabling May 24, 2011

DoDI 8520.03 Identity Authentication for Information Systems May 13, 2011

DoDI 8530.01 Cybersecurity Activities Support to DoD Information Network Operations March 7, 2016

DoDI 8540.01 Cross Domain (CD) Policy May 8, 2015

DoDI 8550.01 DoD Internet Services and Internet-Based Capabilities September 11, 2012

DoDI 8580.1 Information Assurance (IA) in the Defense Acquisition System July 9, 2004

DoDI 8580.1 FAQ's Frequently Asked Questions: DoDI 8580.1 August 11, 2004

DoDI O 8530.2 (DoD PKI cert req'd) Support to Computer Network Defense (CND) March 9, 2001

IA in the Defense Acquisition Guidebook IA Section of the Draft Defense Acquisition Guidebook July 29, 2004

National Industrial Security Program Operating Manual (NISPOM) NISPOM change was signed by the Under Secretary of Defense for Intelligence. February 28, 2006

Open Source Software (OSS) in (DoD) Memorandum Open Source Software in the Department of Defense (DoD) Memorandum October 16, 2009

Chairman of the Joint Chiefs of Staff


Document Description Last Modified
Computer Network Defense CJCSM Joint Reporting Structure Communications Status April 19, 2001
3150.07A (Deleted)

IA Annex to C4 Campaign plan (DoD PKI cert req'd) Systems Directorate (J-6) for the Joint Command, Control, Communications and Computer (C4). February 1, 2005

CJCSI_6211.02D Defense Information System Network (DISN): Policy and Responsibilities January 24, 2012

CJCSI 6212.01F NET READY KEY PERFORMANCE PARAMETER (NR KPP) March 21, 2012

CJCSI_6510.01F Assurance (IA) and Computer Network Defense (CND). February 9, 2011

CJCSM_6510.01B Cyber Incident Handling Program July 10, 2012

Joint Electronic Library Joint Doctrine, Education and Training Resources. Various

National Security Agency


Document Description Last Modified

NSA IA Security Guides National Security Agency Security Guides Various

Department of the Army


Document Description Last Modified

AR 12-7 Security Assistance Teams June 23, 2009

AR 25-1 The Army Information Resources Management Program June 25, 2013

AR 25-2 Information Assurance March 23, 2009

AR 70-1 Army Acquisition Policy July 22, 2011

AR 380-5 Department of the Army Information Security Program September 29, 2000

AR 380-10 Foreign Disclosure, Technology Transfer, and Contacts with Foreign Representatives July 14, 2015

AR 380-13 Acquisition and Storage of Information Concerning Non-affiliated Persons and Organizations September 30, 1974

AR 380-49 Industrial Security Program March 20, 2013

AR 380-53 Information Systems Security Monitoring December 23, 2011

AR 380-67 The Department of Army Personnel Security Program January 24, 2014

AR 380-86 Classification of Former Chemical Warfare, Chemical and Biological Defense, and Nuclear, Biological, Chemical Contamination Survivability Information June 22, 2005

AR 380-381 Special Access Programs (SAPS) April 21, 2004

INFOSEC Documents Library 12 Series Security Assistance and International Logistics Various

INFOSEC Documents Library 380 Series Security Various

AR 25-1-1 Army Information Technology Implementation Instructions September 26, 2014

Department of the Navy


Document Description Last Modified
Department of the Navy Memorandum Navy DON CIO Policy and Guidance Various

Department of Navy Issuances Department of Navy Issuances Various

INFOSEC Documents Library (DoD PKI cert req'd) INFOSEC Documents Library Various

Department of the Air Force


Document Description Last Modified

Air Force Electronic Publications Air Force Electronic Publications Various

Marine Corps
Document Description Last Modified

Orders and Directives Listing of Orders and Directives: Misc Pubs March 28, 1990

MCO5239.2a Marine Corps Information Assurance Program (MCIAP) November 18, 2002

USMC References Library of Reference Documents Various

Defense Information Systems Agency (DISA)


Document Description Last Modified

DISAI 630-230-19 Automated Data Processing - Information Assurance (IA)

DISA Publications DISA Publications Page

Defense Switched Network (DSN) The Defense Switched Network (DSN) Page Various

DoD IT Standards Registry Online (DoD PKI cert req'd) DoD IT Standards Registry (DISR) Various

Government Accountability Office (GAO)


Document Description Last Modified

GAO-01-277 Advances & Challenges to Adoption of PKI: This report provides an assessment of the issues and challenges the government faces in adopting PKI. February 1, 2001

GAO-01-822 Combating Terrorism: Selected challenges and related recommendations. September 1, 2001

GAO-04-375 Information Technology Major Federal Networks That Support Homeland Security Functions September 1, 2004

Management Planning Guide for ISSA Management Planning Guide for Information Systems Security Auditing December 10, 2001

AIMD-00-140 Information Security: Vulnerabilities in DOE's Systems for Unclassified Civilian Research June 1, 2000

AIMD-00-188R Information Security: Software Change Controls at the Department of Defense June 30, 2000

AIMD-00-192R Information Security: Software Change Controls at the Department of Labor June 30, 2000

AIMD-00-193R Information Security: Software Change Controls at the Department of Transportation June 30, 2000

AIMD-00-199R Information Security: Software Change Controls at the Department of State June 30, 2000

AIMD-00-200R Information Security: Software Change Controls at the Department of the Treasury June 30, 2000

AIMD-00-215 Information Security: Fundamental Weaknesses Place EPA Data and Operations at Risk July 1, 2000

AIMD-00-295 Information Security: Serious and Widespread Weaknesses Persist at Federal Agencies September 1, 2000

AIMD-96-84 Computer Attacks at the Department of Defense Pose Increasing Risks May 1, 1996

AIMD-99-107 Information Security: Serious Weaknesses Continue to Place Defense Operations at Risk August 26, 2009

GAO-01-113T Comparison of Federal Agency Practices With FTC's Fair Information Principles October 11, 2000

GAO-01-147R Internet Privacy: Federal Agency Use of Cookies October 20, 2000

GAO-01-263 High Risk Series: An Update January 1, 2001

GAO-02-407 Information Security: Additional Actions Needed to Fully Implement Reform Legislation. May 1, 2002

GAO-04-467 Information Security - Technologies to Secure Federal Systems March 1, 2004

GGD-00-191 Internet Privacy: Agencies' Efforts to Implement OMB's Privacy Policy September 1, 2000

T-AIMD-00-229 Critical Infrastructure Protection: Comments on the Proposed Cyber Security Information Act of 2000 June 22, 2000

T-AIMD-00-314 Computer Security: Critical Federal Operations and Assets Remain at Risk September 11, 2000

T-AIMD-00-321 VA Information Technology: Progress Continues Although Vulnerabilities Remain September 21, 2000

T-AIMD-00-330 FAA Computer Security: Actions Needed to Address Critical Weaknesses That Jeopardize Aviation Operations September 27, 2000

T-RCED-00-247 Nuclear Security: Information on DOE's Requirements for Protecting and Controlling Classified Documents July 11, 2000

National Institute of Standards and Technology (NIST)


Document Description Last Modified

NISTIR 7100 PDA Forensics Tools: An Overview and Analysis August 1, 2004

NIST Draft WIN2K Pro SA Guidance Document NIST System Administration Guidance for Windows 2000 Professional November 19, 2002

NIST Library NIST Computer Security Resource Center (CSRC) Various

NIST Special Pub 800-23 Guidelines to Federal Organization on Security Assurance and Acquisition/Use of Tested/Evaluated Products August 1, 2000

NIST Special Pub 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems May 1, 2010

NIST Special Pub 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems (a Security Life Cycle Approach) February 2010

NIST Special Pub 800-39 Guide for Managing Information Security Risk (Organization, Mission, and Information System View) March 1, 2011

NIST Special Pub 800-41 Guidelines on Firewall and Firewall Policy September 2009

NIST Special Pub 800-115 Technical Guide to Information Security Testing and Assessment (replaces SP 800-42: Guideline on Network Security Testing) September 1, 2008

NIST Special Pub 800-44 Guidelines on Securing Public Web Servers September 2007

NIST Special Pub 800-53, Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations April 1, 2013

NIST Special Pub 800-53A, Revision 1 Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans June 1, 2010

NIST Special Pub 800-72 Guidelines on PDA Forensics November 1, 2004

NIST Special Pub 800-79-2 Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) July 2015

Proposed E-Authentication Policy The General Services Administration, in coordination with OMB, has published a proposed E-Authentication policy for public comment. July 30, 2013

XCCDF eXtensible Configuration Checklist Description Format Various

Committee on National Security Systems (CNSS)


Document Description Last Modified

CNSS Library The Committee on National Security Systems (CNSS) Library - CNSS Home page and select Files Library from top navigation bar. Various

Strategic Command Directives (STRATCOM)


Document Description Last Modified

STRATCOM Directive 527-1 (INFOCON) (DoD PKI cert req'd) March 27, 2015

Listed by Category
Acquisition
Document Description Last Modified

IA in the Defense Acquisition Guidebook IA Section of the Draft Defense Acquisition Guidebook July 29, 2004

DoDI 8580.1 Information Assurance (IA) in the Defense Acquisition System July 9, 2004

DoDI 8580.1 FAQ's Frequently Asked Questions: DoDI 8580.1 August 11, 2004

DoD Instruction 5000.02 Operation of the Defense Acquisition System January 15, 2015

Common Criteria
Document Description Last Modified

NIST Special Pub 800-23 Guidelines to Federal Organization on Security Assurance and Acquisition/Use of Tested/Evaluated Products August 1, 2000

NSTISSP No. 11 NSTISSP No. 11, Revised Fact Sheet National Information Assurance Acquisition Policy July 1, 2003

NIAP Validated Products List NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems Various

Computer Network Defense (CND)


Document Description Last Modified

There are no items to show in this view of the "Policy-Guidance" list.

Cybersecurity/RMF for DoD IT


Document Description Last Modified

DoD Directive 8910.1-M DoD Procedures For Management Of Information Requirements May 19, 2014

CNSS Instruction No. 4009 National Information Assurance (IA) Glossary April 6, 2015

Subsection 552a of title 5, United States Code FOIA, 5 U.S.C. Sect.552 as amended by Public Law No. 104-231, 110 Stat. 3048 13 Aug 2014 August 13, 2014

RMF for DoD IT Risk Management Framework (RMF) for DoD Information Technology (IT) March 12, 2014

DoDI 8500.01 Cybersecurity March 14, 2014

DODI 8510.01 Risk Management Framework (RMF) for DoD Information Technology March 12, 2014

DoD Strategic Communications Integration Group (SCIG)


Document Description Last Modified

SCIG Memorandum DoD Strategic Communication Integration Group (SCIG) Memorandum January 31, 2007

Enterprise Architecture
Document Description Last Modified

DISR Online (DoD PKI cert req'd) DoD IT Standards Registry (DISR) Various

DoD IT Standards Registry Online (DoD PKI cert req'd) DoD IT Standards Registry (DISR) Various

Enterprise Architecture Congruence Early versions of the Department of Defense (DoD) Enterprise Architecture (EA) Reference Models (RM)s April 7, 2014

GAO-04-777 Report to the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Committee on Government Reform, House of Representatives August 1, 2004

Government CIO site CIO Council site Various

FISMA
Document Description Last Modified

FISMA Official Wiki (DoD PKI cert req'd) Use the FISMA Official Wiki for all related information and documentation Various

Global Information Grid


Document Description Last Modified

DoDD 8000.01 Management of the Department of Defense Information Enterprise (DoD IE) March 17, 2016

DoDD 8100.02 DoD Directive 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) Certified Current April 23, 2007 April 14, 2004

Global Information Grid Enterprise Services (GIG ES): Core Enterprise Services (CES) Implementation This memorandum provides guidance for existing and future acquisition programs to implement the plans for Global Information Grid Enterprise Services (GIG ES). November 12, 2003

Cybersecurity Strategy
Document Description Last Modified

DASD CIIA Strategy Deputy Assistant Secretary of Defense for Cyber, Identity, and Information Assurance Strategy. August 2009

Mission: Possible, Security to the Edge (full version) Document discussing the importance of protecting the Global Information Grid (GIG). Full version. February 2, 2005

Mission: Possible, Security to the Edge (powerpoint version) Document discussing the importance of protecting the Global Information Grid (GIG). Powerpoint version. August 31, 2005

Mission: Possible, Security to the Edge (trifold version) Document discussing the importance of protecting the Global Information Grid (GIG). Brochure version. February 2, 2005

Mission: Possible, Security to the Edge (single-gate version) Document discussing the importance of protecting the Global Information Grid (GIG). Single-gate version February 2, 2005

DoD IA Strategic Plan Version 1.1 This document provides information regarding protecting information, defending systems and networks, providing IA situational awareness, transforming and enabling IA capabilities and creating an IA empowered workforce January 1, 2004

The National Strategy to Secure Cyberspace Strategy to secure Cyberspace signed by the President February 1, 2003

Information Security Oversight


Document Description Last Modified

Information Security Oversight Office Homepage The Information Security Oversight Office (ISOO) is responsible to the President for policy oversight of the Government-wide security classification system and the National Industrial Security Program. Various

ISOO Policies Information Security Oversight Office Policy Documents Various

Marking Classified National Security Information Executive Order 13526 (replacing E.O. 12958), as amended, and ISOO Implementing Directive No. 1 prescribe a uniform security classification system. This system requires that standard markings be applied to classified information. January 2014

National Industrial Security Program


Document Description Last Modified

DoD 5220.22-M (Volume 3) National Industrial Security Program: Procedures for Government Activities Relating to Foreign Ownership, Control, or Influence (FOCI) April 17, 2014

DoD 5220.22-M-SUP National Industrial Security Program Operating Manual Supplement February 1, 1995

DoD Directive 5220.22 National Industrial Security Program September 24, 2004; Certified Current as of December 1, 2006 March 18, 2011

Net Centricity
Document Description Last Modified

CJCSI 6212.01F NET READY KEY PERFORMANCE PARAMETER (NR KPP) March 21, 2012

DoD Net-Centric Data Strategy DoD CIO Memo May 9, 2003

DoD Directive 8320.02 Data Sharing in a Net-Centric Department of Defense Certified Current April 23, 2007 August 25, 2013

DoD IT Standards Registry (DISR online) (Formerly DoD Joint Technical Architecture) (DoD PKI cert req'd) DoD IT Standards Registry (DISR) Various

GIG NCOW Enabling Transformation Achieving Net-Centric Operations and War None listed
fighting briefing

Freedom Of Information Act/Privacy Act The goal of the NSA/CSS Freedom Of Information Act/Privacy Act Office is to release as much information as possible, consistent with the need to protect information under the exemption provisions of these laws. Various

GIG NCES GIG Enterprise Services web site Various

DoD Directive 8115.01 Information Technology Portfolio Management October 10, 2005

Net-Centric Checklist The purpose of the Net-Centric Checklist is to assist program managers in understanding the net-centric attributes that their programs need to implement to move into the net-centric environment as part of a service-oriented architecture in the Global Information Grid May 12, 2004

Net-Centric Data Strategy DoD Net-Centric Web site May 9, 2003

Peer to Peer (P2P)


Document Description Last Modified

There are no items to show in this view of the "Policy-Guidance" list.

Public Key Infrastructure (PKI)


Document Description Last Modified

DoDI 8520.03 Identity Authentication for Information Systems May 13, 2011

Assignment of Program Office Responsibilities Assignment of Program Office Responsibilities for the Department of Defense Public Key Infrastructure (PKI) April 9, 1999

DoD X.509 Certificate Policy United States Department of Defense X.509 Certificate Policy June 12, 2012

DoD Key Recovery Policy Version 3.0 Key Recovery Policy for the United States Department of Defense Version 3.0 August 31, 2003

DoD PKI PK-enabling Instruction 8520.2 Public Key Infrastructure PK enabling Instruction May 24, 2011

DoD PKI Road Map Defines how we move from current implementations to final Target Architecture 1999

HSPD-12 Policy for a Common Identification Standard for Federal Employees and Contractors. August 27, 2004

DoDI 8520.02 Public Key Infrastructure (PKI) and Public Key Enabling May 24, 2011

Ports and Protocols


Document Description Last Modified

DoD Instruction 8551.1 Ports, Protocols, and Services Management (PPSM) May 8, 2014

Category Assurance List (CAL) Sorted by Ports (DoD PKI cert req'd) This guidance is used by Organizations, Systems, and Enterprise DAA Certification & Accreditation processes; acquisition and development Program Managers and engineers responsible for developing and implementing DoD Information Systems; and Network Administrators responsible for the configuration of network security devices

Category Assurance List (CAL) Sorted by Data Services (DoD PKI cert req'd) This guidance is used by Organizations, Systems, and Enterprise DAA Certification & Accreditation processes; acquisition and development Program Managers and engineers responsible for developing and implementing DoD Information Systems; and Network Administrators responsible for the configuration of network security devices

Category Assurance List (CAL) Record of Changes (DoD PKI cert req'd) This Document tracks changes made to the Category Assurance List

Vulnerability Assessment Reports Directory (DoD PKI cert req'd) This guidance is used by Organizations, Systems, and Enterprise DAA Certification & Accreditation processes; acquisition and development Program Managers and engineers responsible for developing and implementing DoD Information Systems; and Network Administrators responsible for the configuration of network security devices

PPSM Exception Management Process (DoD PKI cert req'd) The Department of Defense is committed to the interoperability, security, and the mitigation of shared risks to DoD Information Systems (DoD IS). It is therefore paramount that all Combatant Commands/Services/Agencies (CC/S/A) ensure that all DoD IS ports, protocols, and services that are accessible to the DoD Enterprise or Component managed networks are acquired, developed, implemented, and registered in the Ports, Protocols, and Services Management (PPSM) central registry in accordance with DoD Instruction 8551.1, Ports, Protocols, and Services Management. In addition, the PPSM program performs Vulnerability Assessments (VA) on ports, protocols, and services entered into the PPSM Registry, assigning each protocol or service a Category Assurance Level and establishing the minimum required mitigations based on common assessment criteria. When coupled with the appropriate Security Technical Implementation Guide (STIG), the VA reports enhance network security by creating an authoritative source for known vulnerabilities and minimum mitigating controls required for all ports, protocols, and services deployed across the Global Information Grid (GIG). This information is to be used to configure network security devices such as routers, firewalls, and intrusion detection/prevention devices to allow only approved protocols or services

PPSM Registry User Guide (DoD PKI cert req'd) PPSM Registry User Guide *PKI This guide provides instructions for performing the following functions associated with initiating, submitting, and updating a Department of Defense Information System (DoD IS) registration on the DoD Ports, Protocols, and Services Management Registry:
- Accessing the DoD Ports, Protocols, and Services Management Registry
- Preparing and submitting a DoD IS registration
- Searching for a DoD IS registration
- Maintaining a DoD IS registration, including points of contact
- Viewing technical guidance
- Maintaining your profile, including your password
- Viewing system release change notifications

Each functional subsection includes an overview, a description of the user's role and responsibilities, and the steps to perform each function.

Privacy
Document Description Last Modified

H.R. 237 Consumer Internet Privacy Enhancement Act January 20, 2001

OMB M-00-13 Privacy Policies and Data Collection on Federal Web Sites June 22, 2000

OMB M-01-05 Guidance on Inter-Agency Sharing of Personal Data-Protecting Personal Privacy December 20, 2000

OMB M-99-18 Privacy Policies on Federal Web Sites June 2, 1999

Defense Privacy Office Defense Privacy Office - multiple policy links Various

E.O.13103 Computer Software Piracy September 30, 1998

OMB M-07-16 Safeguarding Against and Responding to the Breach of Personally Identifiable Information May 22, 2007

OSD 15041-07 DoD Policy Memo: Safeguarding Against and Responding to the Breach of Personally Identifiable Information September 21, 2007

Platform for Privacy Preferences Project W3C Policy for Privacy Preferences Project Various

Department of the Navy (DON) Privacy Program DON Privacy Program December 28, 2005

Public Law 93-579 Privacy Act of 1974 May 1, 2004

Security Recommendation Guides (SRG)


Document Description Last Modified

NSA IA Security Guides National Security Agency Security Guides Various

DISA Security Configuration Guides DISA FSO Security Configuration Guidelines Various

DoD Mobile Code Guides (DoD PKI cert req'd) Current List of DoD Mobile Code Guidance Various

Tools
Document Description Last Modified

NSA Media Destruction Guidance NSA Media Destruction Guidance is available for those who need to sanitize, destroy or dispose of media containing sensitive or classified information. Various

Web Policy
Document Description Last Modified

OMB M-05-04 Policies for Federal Agency Public Websites December 17, 2004

DoD OIG Report - Internet Practices and Policies Compliance with DoD Web Site Administration Policy May 31, 2001

DoD Web Site Administration DoD Web Masters Policies and Guidelines Various

DoDD 5230.09 Clearance of DoD Information for Public Release. August 22, 2008

DoDI 5230.29 Security and Policy Review of DoD Information for Public Release. August 13, 2014

DoDI 8550.01 DoD Internet Services and Internet-Based Capabilities September 11, 2012

DoD Section 508 DoD Section 508 None Assigned

Air Force Web Guidance Links to the Air Force Web Policy and Guidance Various

Army Web Guidance Guidance for Management of Publicly Accessible U.S. Army Web sites Various

DoDI 5120.04 DoD Newspapers, Magazines, Guides, and Installation Maps March 17, 2015

Privacy Policies and Data Collection Privacy Policies and Data Collection on DoD Public Web Sites July 13, 2000

Navy Web Guidance Department of the Navy Policy for Content of Publicly Accessible World Wide Web Sites December 28, 2005

SECNAV Instruction 5720.47 (Part A) Department of the Navy Policy for Content Publicly Accessible World Wide Web sites October 24, 2003

SECNAV Instruction 5720.47 (Part B) Department of the Navy Policy for Content Publicly Accessible World Wide Web sites December 28, 2005

Wireless Security
Document Description Last Modified

DoD Commercial Mobile Device (CMD) Interim Policy This memorandum defines interim CMD use policy and establishes responsibilities to increase mission capabilities of CMDs while adhering to DoD security policies. January 17, 2012

NIST Wireless Security Guidance SP 800-48 Rev 1. Guide to securing legacy IEEE 802.11 Wireless Networks July 2008

DoDI 8420.01 Commercial Wireless Local-Area Network (WLAN) Devices, Systems, and Technologies November 3, 2009

Wireless STIG Current version of Wireless STIG Various
