INFORMATION ASSURANCE (IA)
|Publication Date:||23 April 2007|
APPLICABILITY AND SCOPE
This Directive applies to:
The Office of the Secretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the Department of Defense (hereafter referred to collectively as "the DoD Components").
All DoD-owned or -controlled information systems that receive, process, store, display or transmit DoD information, regardless of mission assurance category, classification or sensitivity, including but not limited to:
DoD information systems that support special environments, e.g., Special Access Programs (SAP) and Special Access Requirements (SAR), as supplemented by the special needs of the program.
Platform IT interconnections, e.g., weapons systems, sensors, medical technologies or utility distribution systems, to external networks.
Information systems under contract to the Department of Defense.
Outsourced information-based processes such as those supporting e-Business or e-Commerce processes.
Information systems of Nonappropriated Fund Instrumentalities.
Stand-alone information systems.
Mobile computing devices such as laptops, handhelds, and personal digital assistants operating in either wired or wireless mode, and other information technologies as may be developed.
Nothing in this policy shall alter or supercede the existing authorities and policies of the Director of Central Intelligence (DCI) regarding the protection of Sensitive Compartmented Information (SCI) and special access programs for intelligence as directed by Executive Order 12333 (reference (g)) and other laws and regulations.
Establishes policy and assigns responsibilities under reference (a) to achieve Department of Defense (DoD) information assurance (IA) through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network centric warfare.
Supersedes DoD Directive 5200.28, DoD 5200.28-M, DoD 5200.28-STD, and DoD Chief Information Officer (CIO) Memorandum 6-8510 (references (b), (c), (d), and (e)).
Designates the Secretary of the Army as the Executive Agent for the integration of common biometric technologies throughout the Department of Defense.
Authorizes the publication of DoD 8500.1-M consistent with DoD 5025.1-M (reference (f)).