ARMY - AR 380-19
INFORMATION SYSTEMS SECURITY
|Publication Date:||27 February 1998|
This regulation establishes Department of the Army (DA) information systems security (ISS) policy. It specifically addresses the ISS subdisciplines of communications security (COMSEC) and computer security (COMPUSEC). (Army Regulation (AR) 381-14 addresses TEMPEST.) This regulation provides the following guidance:
a. Prescribes ISS policy for the protection of classified and sensitive but unclassified (SBU) information processed, stored, or transmitted over automated information systems (AIS).
b. Prescribes unique policies for the following ISS subdisciplines:
(1) COMPUSEC (see chaps 2 and 3).
(2)COMSEC(see chap 4).
c. Deals with all Army AIS. However, certain systems are also governed by the policies, procedures, or directives of the Joint Chiefs of Staff (JCS), Defense Intelligence Agency (DIA), National Security Agency (NSA), Defense Information System Agency (DISA), or other Department of Defense (DOD) directives. In the event of conflicting guidance, major Army commands (MACOMs) should submit a request for a policy review to the office of the Director of Information Systems for Command, Control, Communications, and Computers (DISC4). This regulation is a minimum standard applicable in all areas not specifically covered in other higher level documents. Refer to the documents listed below for DOD policy and guidance for certain unique applications:
(1) Systems processing intelligence information will comply with national intelligence agency regulations and procedures (such as those of the NSA and DIA) that are, in turn, derived from Director, Central Intelligence. Directive (DCID) 1/16. Accreditation of AIS under the purview of the National Security Agency (NSA) is not governed by this regulation (chap 3) and must be accomplished in accordance with NSA guidance (Supplement 1 to NSNCentral Security Services (CSS) 130-1).
(2) Joint Chiefs of Staff Publication 6-03.7 and other applicable Global Command and Control System (GCCS) publications provide cornpliance requirements for the GCCS sites.
(3) Joint Chiefs of Staff Memorandum (MJCS) 75-87 provides compliance requirements for systems processing Single Integrated Operational Plan-Extra Sensitive Information (SIOP-ESI).
(4) Department of Defense Publication C-5030-58-M provides the security requirements for an Automated Message Handling System (AMHS) at sites that store or process Sensitive Compartmented Information (SCI) in a consolidated Defense Special Security Communications System (DSSCS)íGeneral Service facility.
(5) Army Regulation (AR) 380-381 (C) provides the security requirements for systems processing Special Access Program (SAP) information.
d. Describes ISS policy as it applies to security in the following areas:
(6) Physical environment.
e. Provides guidance for satisfying Department of Defense (DOD) SBU requirements.