Establishes procedures for document marking, safeguarding and use, personnel access controls, need to know criteria, physical storage and control, and transmitting, reproducing, and destroying information. Those trying to get a clearance may have questions such as how does one go about attaining a clearance? I am directly responsible for ensuring compliance with all applicable governing directives.

Author: Zulkijind Shakagrel
Country: Sierra Leone
Language: English (Spanish)
Published (Last): 13 March 2010

No specific security measure contained in this Manual exceeds the requirements for standards supporting Sensitive Compartmented Information (SCI). This Manual provides enhanced security measures exceeding those normally required by DoD The provisions of this Manual are applicable to all government and contractor personnel participating in the administration of DoD SAPs.

In cases of doubt over the requirements of this Manual, users should consult the Program Security Officer prior to taking any action. This Manual is effective upon publication and will be implemented as outlined in the next paragraph. Appropriate implementation instructions will be specified in contractual documents. New systems will be accredited in accordance with this Manual. If an expiration date was not specified, these systems must comply with requirements outlined in this manual three years from the date of the approval memorandum or letter.

Changes to legacy systems affecting the security posture, mode of operation or Protection Level will require accreditation in accordance with this manual.

A Purpose and Content; B Applicability; C Administration; D Background; E System Information Collection; F How to Use This Manual; G Use of Cryptography; H General Notes
A Overview; B Roles and Responsibilities
B Description of Levels-of-Concern; C Protection Levels; D Determining Security Features and Assurances
B Confidentiality Requirements
B Integrity Requirements
B Availability Requirements
B Controlled Interface; C Web Security; D Securing Servers; E Mobile Code and Executable Content; F Electronic Mail (E-mail); G Collaborative Computing; H Distributed Processing
B Procedural Security; C Environmental Security; D Physical Security; E Personnel Security; F Handling Caveats and Handling Restrictions
B Risk Management; C Certification; D Accreditation
G Special Categories of ISs
A Policy Basis; B Contents of an ISA

This Manual establishes the security policy and procedures for storing, processing, and communicating classified DoD SAP information in information systems (ISs). DoD SAP information constitutes an asset vital to the effective performance of our national security roles.

It is essential that this information be properly managed, and that its confidentiality, integrity, and availability be ensured. Therefore, this policy and its implementation manual:

a. Provide policy and procedures for the security and protection of systems that create, process, store, and transmit SAP information.
b. Provide administrative and system security requirements, including those for interconnected systems.
c. Define and mandate the use of a risk management process.
d. Define and mandate the use of a certification and accreditation process.
e. Promote the use of efficient procedures and cost-effective, computer-based security features and assurances.
f. Describe the roles and responsibilities of the individuals who constitute the decision-making segment of the IS security community and its system users.
g. Require a life-cycle management approach to implementing system security requirements.
h. Introduce the concepts Levels-of-Concern and Protection Level of information.

SAP information shall be appropriately safeguarded at all times, including when used in information systems. The information systems shall be protected. Appropriate security measures shall be implemented to ensure the confidentiality, integrity, and availability of that information. The mix of security safeguards selected for systems that process SAP information shall ensure that the system meets the policy requirements set forth in this Manual.

Information systems security shall be an integral part of all system life-cycle phases for all systems. The security of systems shall be reviewed whenever changes occur to missions, information systems, security requirements, or threat, and whenever there are significant adverse changes to system vulnerabilities.

Appropriate authorities, as defined in the Manual, shall be immediately notified of any threats or vulnerabilities impacting systems that process their data. All ISs are subject to monitoring consistent with applicable laws and regulations, and as provided for by agency policies, procedures, and practices. As a minimum, monitoring will assess the adequacy of the confidentiality, integrity, and availability controls. A risk assessment shall be performed for each IS to identify specific areas that require safeguards against deliberate or inadvertent unauthorized disclosure, modification, or destruction of information; denial of service; and unauthorized use of the IS.

Countermeasures shall be applied in those areas to eliminate or adequately reduce the identified risk. These security disciplines include, but are not limited to, information systems security, operations and administrative security, personnel security, physical security, and communications security.

Systems shall be reviewed for compliance with this Manual and the security documents derived therefrom. The PAA may delegate, in writing, to the extent the PAA considers appropriate, the authority to accredit systems operating at Protection Levels 1, 2, or 3; but the PAA retains the ultimate responsibility for the security of the information processed in those systems.

The PAA shall ensure the establishment of an information systems security incident response and reporting capability that detects incidents, establishes a trained response element, maintains statistics, initiates an investigation, and recovers operational capability for the information. This Manual is effective for five years. At that time, it shall be reviewed for continued applicability. The Secretary of Defense requires all United States Government departments and agencies, their contractors, and Allied governments processing SAP information to establish, implement, maintain, and abide by the protection measures identified in this manual.

B Applicability

1. While the traditional operational concern over confidentiality of classified information has not diminished, integrity and availability have become critical parts of security for all systems. The requirements in this manual reflect that understanding.




