DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
DODI <strong>8500.2</strong>, February 6, 2003<br />
E3. ENCLOSURE 3<br />
INFORMATION ASSURANCE (IA) PROGRAM IMPLEMENTATION<br />
E3.1. INTRODUCTION<br />
E3.1.1. The Department of Defense has a crucial responsibility to protect and<br />
defend its information and supporting information technology. <strong>DoD</strong> information is<br />
shared across a Global Information Grid that is inherently vulnerable to exploitation and<br />
denial of service. Factors that contribute to its vulnerability include: increased<br />
reliance on commercial information technology and services; increased complexity and<br />
risk propagation through interconnection; the extremely rapid pace of technological<br />
change; a distributed and non-standard management structure; and the relatively low cost<br />
of entry for adversaries.<br />
E3.1.2. Complete confidence in the trustworthiness of information technology,<br />
users, and interconnections cannot be achieved, therefore the Department of Defense<br />
must embrace a risk management approach that balances the importance of the<br />
information and supporting technology to <strong>DoD</strong> missions against documented threats and<br />
vulnerabilities, the trustworthiness of users and interconnecting systems, and the<br />
effectiveness of IA solutions.<br />
E3.1.3. The <strong>DoD</strong> IA program is predicated upon five essential competencies that<br />
are the hallmark of any successful risk management program. They include:<br />
E3.1.3.1. The ability to assess security needs and capabilities.<br />
E3.1.3.2. The ability to develop a purposeful security design or configuration<br />
that adheres to a common architecture and maximizes the use of common services.<br />
E3.1.3.3. The ability to implement required controls or safeguards.<br />
E3.1.3.4. The ability to test and verify.<br />
manner.<br />
E3.1.3.5. The ability to manage changes to an established baseline in a secure<br />
E3.1.4. This Enclosure provides an overview of the <strong>DoD</strong> IA program. It lays out<br />
the multi-tiered management structure and information standards used for assessing,<br />
implementing, verifying, and managing changes to IA needs and capabilities across the<br />
Global Information Grid (GIG).<br />
30 ENCLOSURE 3