UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ARMY - AR 380-19

INFORMATION SYSTEMS SECURITY

inactive, Most Current
Organization: ARMY
Publication Date: 27 February 1998
Status: inactive
Page Count: 143
scope:

Purpose

This regulation establishes Department of the Army (DA) information systems security (ISS) policy. It specifically addresses the ISS subdisciplines of communications security (COMSEC) and computer security (COMPUSEC). (Army Regulation (AR) 381-14 addresses TEMPEST.) This regulation provides the following guidance:

a. Prescribes ISS policy for the protection of classified and sensitive but unclassified (SBU) information processed, stored, or transmitted over automated information systems (AIS).

b. Prescribes unique policies for the following ISS subdisciplines:

(1) COMPUSEC (see chaps 2 and 3).

(2)COMSEC(see chap 4).

c. Deals with all Army AIS. However, certain systems are also governed by the policies, procedures, or directives of the Joint Chiefs of Staff (JCS), Defense Intelligence Agency (DIA), National Security Agency (NSA), Defense Information System Agency (DISA), or other Department of Defense (DOD) directives. In the event of conflicting guidance, major Army commands (MACOMs) should submit a request for a policy review to the office of the Director of Information Systems for Command, Control, Communications, and Computers (DISC4). This regulation is a minimum standard applicable in all areas not specifically covered in other higher level documents. Refer to the documents listed below for DOD policy and guidance for certain unique applications:

(1) Systems processing intelligence information will comply with national intelligence agency regulations and procedures (such as those of the NSA and DIA) that are, in turn, derived from Director, Central Intelligence. Directive (DCID) 1/16. Accreditation of AIS under the purview of the National Security Agency (NSA) is not governed by this regulation (chap 3) and must be accomplished in accordance with NSA guidance (Supplement 1 to NSNCentral Security Services (CSS) 130-1).

(2) Joint Chiefs of Staff Publication 6-03.7 and other applicable Global Command and Control System (GCCS) publications provide cornpliance requirements for the GCCS sites.

(3) Joint Chiefs of Staff Memorandum (MJCS) 75-87 provides compliance requirements for systems processing Single Integrated Operational Plan-Extra Sensitive Information (SIOP-ESI).

(4) Department of Defense Publication C-5030-58-M provides the security requirements for an Automated Message Handling System (AMHS) at sites that store or process Sensitive Compartmented Information (SCI) in a consolidated Defense Special Security Communications System (DSSCS)íGeneral Service facility.

(5) Army Regulation (AR) 380-381 (C) provides the security requirements for systems processing Special Access Program (SAP) information.

d. Describes ISS policy as it applies to security in the following areas:

(1) Hardware.

(2) Software.

(3) Procedures.

(4) Telecommunications.

(5) Personnel.

(6) Physical environment.

(7) Networks.

(8) Firmware.

e. Provides guidance for satisfying Department of Defense (DOD) SBU requirements.

Document History

AR 380-19
February 27, 1998
INFORMATION SYSTEMS SECURITY
Purpose This regulation establishes Department of the Army (DA) information systems security (ISS) policy. It specifically addresses the ISS subdisciplines of communications security (COMSEC) and...

References

Advertisement