INFORMATION ASSURANCE (IA) POLICY FOR SPACE SYSTEMS USED BY THE DEPARTMENT OF DEFENSE
|Publication Date:||21 June 2005|
APPLICABILITY AND SCOPE
The scope of this Directive includes the policy, planning, budgeting, requirements generation, research, development, testing, evaluation, production, acquisition, deployment, maintenance, life cycle support, education, training, exercises, operations, employment, and oversight of IA activities that are integral to the space systems used by the Department of Defense. DoD information and data that transit space systems shall be protected (e.g., encryption for confidentiality) in accordance with references (d) and (e).
This Directive applies to:
The Office of the Secretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities in the Department of Defense (hereafter referred to collectively as the "DoD Components").
All types of DoD-owned or controlled space systems, and the components thereof, that collect, generate, process, store, display, transmit, or receive national security or DoD sensitive information (e.g., launch vehicles, satellites, payloads, launch and test ranges, satellite and network operation centers, and user equipment).
Commercial (domestic and foreign), U.S. civil, or foreign government-owned (i.e., those not owned or controlled by the Department of Defense) space systems, components, or services used by the Department of Defense to collect, generate, process, store, display, transmit, or receive national security or DoD sensitive information.
Interfaces between space systems covered by this Directive and external systems when it is determined that the architecture of the space system does not provide for adequate protection against potential threats from interconnected, external systems.
This Directive does not apply to the following:
Aircraft, operational ballistic missile weapons systems, anti-ballistic missile systems, munitions, and suborbital test vehicles that do not have subsystems that are part of a space system. When subsystems exist that are part of a space system, this Directive shall specifically apply to those subsystems.
DoD-owned or controlled space systems or segments thereof that were past the point of program initiation when this Directive became effective with the following exceptions, or as noted in section 4.
This exemption does not automatically apply to any subsequent major redesigns of these systems or segments. Program Managers shall request that the DoD Executive Agent for Space review proposed major redesigns of legacy systems and decide if this Directive should apply. The DoD Executive Agent for Space (DoD Directive 5101.2 (reference (f)) shall consult with the Commander, U.S. Strategic Command, and the Director, National Security Agency (DIRNSA), prior to making a decision.
The DoD Executive Agent for Space, in consultation with the Commander, U.S. Strategic Command, and the DIRNSA, may revoke this exemption on a case-by-case basis for programs past the point of program initiation, but still in development, if the potential IA-related risks to the space system clearly outweigh the cost and schedule impact of fully complying with this Directive.
Commercial, U.S. civil, or foreign-owned space systems providing services to the Department of Defense that were already under lease or other use agreement when this Directive became effective for the life of the current lease or use agreement.
Implements the requirements of reference (a) by establishing Information Assurance (IA) policy and assigning IA responsibilities for all DoD space systems in accordance with reference (b).
Supersedes and cancels reference (c).
Supplements IA policy and requirements contained in reference (d) and DoD Instruction 8500.2 (reference (e)).