DoD Instruction 8500.2 - Common Access Card (CAC)

More documents

Recommendations

Info

DODI 8500.2, February 6, 2003 5.10.4. Ensure that DoD information system recovery processes are monitored and that IA features and procedures are properly restored. 5.10.5. Ensure that all DoD information system IA-related documentation is current and accessible to properly authorized individuals. 5.10.6. Implement and enforce all DoD information system IA policies and procedures, as defined by its security certification and accreditation documentation. 5.11. Each Privileged User with IA responsibilities (e.g. System Administrator), in addition to satisfying all responsibilities of an Authorized User, shall: 5.11.1. Configure and operate IA and IA-enabled technology according to DoD information system IA policies and procedures and notify the IAO of any changes that might adversely impact IA. 5.11.2. Establish and manage authorized user accounts for DoD information systems, including configuring access controls to enable access to authorized information and removing authorizations when access is no longer needed. 5.12. Authorized Users shall: 5.12.1. Hold a U.S. Government security clearance commensurate with the level of access granted. 5.12.2. Access only that data, control information, software, hardware, and firmware for which they are authorized access and have a need-to-know, and assume only those roles and privileges for which they are authorized. 5.12.3. Immediately report all IA-related events and potential threats and vulnerabilities involving a DoD information system to the appropriate IAO. 5.12.4. Protect authenticators commensurate with the classification or sensitivity of the information accessed and share authenticators or accounts only with authorized personnel. Report any compromise or suspected compromise of an authenticator of an authenticator to the appropriate IAO. 5.12.5. Ensure that system media and output are properly marked, controlled, stored, transported, and destroyed based on classification or sensitivity and need-to-know. 5.12.6. Protect terminals or workstations from unauthorized access. 10
DODI 8500.2, February 6, 2003 5.12.7. Inform the IAO when access to a particular DoD information system is no longer required (e.g., completion of project, transfer, retirement, resignation). 5.12.8. Observe policies and procedures governing the secure operation and authorized use of a DoD information system. 5.12.9. Use the DoD information system only for authorized purposes. 5.12.10. Not unilaterally bypass, strain, or test IA mechanisms. If IA mechanisms must be bypassed, users shall coordinate the procedure with the IAO and receive written approval from the IAM. 5.12.11. Not introduce or use unauthorized software, firmware, or hardware on the DoD information system. 5.12.12. Not relocate or change DoD information system equipment or the network connectivity of equipment without proper IA authorization. 6. PROCEDURES Implementation procedures are in enclosures 3 and 4. 11
Page 1 and 2: Department of Defense INSTRUCTION N
Page 3 and 4: DODI 8500.2, February 6, 2003 5.1.3
Page 5 and 6: DODI 8500.2, February 6, 2003 5.6.
Page 7 and 8: DODI 8500.2, February 6, 2003 5.7.9
Page 9: DODI 8500.2, February 6, 2003 5.9.5
Page 13 and 14: DODI 8500.2, February 6, 2003 E1. E
Page 15 and 16: DODI 8500.2, February 6, 2003 E2. E
Page 17 and 18: DODI 8500.2, February 6, 2003 are t
Page 19 and 20: DODI 8500.2, February 6, 2003 proce
Page 21 and 22: DODI 8500.2, February 6, 2003 E2.1.
Page 23 and 24: DODI 8500.2, February 6, 2003 enabl
Page 27 and 28: DODI 8500.2, February 6, 2003 E2.A1
Page 29 and 30: DODI 8500.2, February 6, 2003 NSTIS
Page 37 and 38: DODI 8500.2, February 6, 2003 unifo
Page 45 and 46: DODI 8500.2, February 6, 2003 Table
Page 47 and 48: DODI 8500.2, February 6, 2003 Inves
Page 49 and 50: DODI 8500.2, February 6, 2003 Table
Page 53 and 54: DODI 8500.2, February 6, 2003 E4.T4
Page 55 and 56: DODI 8500.2, February 6, 2003 Subje
Page 61 and 62:
DODI 8500.2, February 6, 2003 Subje
Page 63 and 64:
Page 65 and 66:
DODI 8500.2, February 6, 2003 E4.A2
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
show all

DoD Instruction 8500.2 - Common Access Card (CAC)

Create successful ePaper yourself

Delete template?

Save as template?