army information assurance

By /
information assurance army
information assurance army

AR 25-2, Information Assurance is the main guideline document for Army Information Assurance.

AR 25-2 breaks down the Army Information Assurance Program (AIAP) which is designed to to be a one stop shop for protecting the confidentiality, integrity and availability of unclassified, sensitive, or
classified information stored, processed, accessed, or transmitted by Army Information Systems.  AIAP is the Army’s flavor of implementing DODD 8500.1, DODI 8500.2, and Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01 to align Information Assurance goals.

Like all of the others branches of the US Armed Forces, the Army certification & Accreditation part of the IA program will have to change to a more risk management framework as the DoD changes
to a more NIST back Risk Management Frame work. But most of the main best practice system security items won’t change.

information assurance army
information assurance army

Army Information Assurance program describes the responsibilities offices:

    • Chief Information Officer
    • Principal Headquarters, Department of the Army officials and staff
    • Administrative Assistant to the Secretary of the Army
    • Assistant Secretary of the Army for Acquisition, Logistics, and Technology
    • The Deputy Chief of Staff, G-2
    • The Deputy Chief of Staff, G-3
    • The Deputy Chief of Staff, G-4
    • Commanders of Army Commands; Army Service Component Commands; Direct Reporting Units; U.S. Army
    • Reserve; Army National Guard; program executive officers; direct reporting program managers; Regional Chief
    • Information Officers; Functional Chief Information Officers; and the Administrative Assistant to the Secretary of
    • the Army
    • Commander, 1st Information Operations Command
    • Commanding General, Network Enterprise Technology Command/9th Signal Command (Army)
    • Commanding General, U.S. Army Training and Doctrine Command
    • Commanding General, U.S. Army Materiel Command
    • Commanding General, U.S. Army Intelligence and Security Command
    • Commanding General, U.S. Army Criminal Investigation Command
    • Chief, Army National Guard
    • Chief, Army Reserve
    • U.S. Army Reserve Command Chief of Staff
    • U.S. Army Corps of Engineers Chief of Engineers
    • U.S. Army Corps of Engineers Chief Information Officer
    • Commanding General, Eighth Army
    • Commanding General, U.S. Army Europe
    • Commanding General, U.S. Army Medical Command
    • Program executive officers and direct reporting program/project managers
    • Commanders, directors, and managers
    • Garrison commanders
    • U.S. Army Reserve major subordinate command
    • Army National Guard state DOIM/J6/CIO
    • Regional Chief Information Officer
    • Army Reserve command/unit/activity G–6
    • Director of Information Management

AR 25-2 also explains the Army Information Assurance Program Personnel Structure including Information assurance support personnel where contractor fit in the structure.

AR 25-2 is the Information Assurance Policy which includes funding and Information Assurance training.   Mission assurance category, levels of confidentiality, and levels of robustness are explained.

The topics of the Army Information Assurance include:

    • Software Security
    • Security Controls
    • Database management
    • Design and test
    • Hardware, Firmware, and Physical Security
    • Hardware–based security controls
    • Maintenance personnel
    • Security objectives and safeguards
    • Procedural Security
    • Password control
    • Release of information regarding information system infrastructure architecture
    • Personnel Security
    • Personnel security standards
    • Foreign access to information systems
    • Information Systems Media
    • Protection requirements
    • Labeling, marking, and controlling media
    • Clearing, purging (sanitizing), destroying, or disposing of media
    • Network Security
    • Cross-domain security interoperability
    • Network security
    • Incident and Intrusion Reporting
    • Information system incident and intrusion reporting
    • Reporting responsibilities
    • Compromised information systems guidance
    • Information Assurance Vulnerability Management
    • Information assurance vulnerability management reporting process
    • Compliance reporting
    • Compliance verification
    • Operating non-compliant information system
    • Certification & Accreditation
    • Communication Security
    • Risk Management

 

Leave a Comment

Your email address will not be published. Required fields are marked *