DoD Instruction 8500.2 - Common Access Card (CAC)
DODI 8500.2, February 6, 2003
E3.2.9. Key Management Infrastructure (KMI). The KMI provides a common unified process for the secure creation, distribution, and management of cryptographic products, such as asymmetric keys (e.g., PKI) and traditional symmetric keys (e.g., Electronic Key Management System (EKMS)) that enable security services for DoD information systems. KMI-enabled services, such as identification and authentication and access control, become increasingly important as the Department of Defense incorporates IA into its information systems. Such capabilities, when combined with strong need-to-know management controls, continuously lower risk, thus enabling greater information system utility to DoD missions.
E3.2.10. IA Support Services. DISA supports the Defense IA program through the maintenance of the IASE, a web-based resource providing access to current DoD and Federal IA and IA-related policy and guidance, including recent and pending legislation. It also provides oversight for the DoD IATAC, a formally chartered DoD institution that helps researchers, engineers, and program managers locate, analyze, use, and exchange scientific and technical information according to DoD Directive 3200.12 (reference (i)).
E3.3. ELEMENTS OF A DoD COMPONENT IA PROGRAM
E3.3.1. Adequate security of DoD information and supporting IT assets is a fundamental management responsibility. Each DoD Component shall implement and maintain a program to adequately secure its information and IT assets. DoD Component programs shall:
E3.3.1.1. Ensure that DoD information systems operate effectively and provide appropriate confidentiality, integrity, and availability; and
E3.3.1.2. Protect information commensurate with the level of risk and magnitude of harm resulting from loss, misuse, unauthorized access, or modification.
E3.3.2. A DoD Component IA program must harmonize the IA requirements of multiple DoD information systems. This shall be accomplished through development of a DoD Component-level IA architecture and supporting master plan, coordination of IA projects across multiple investments, clear assignment of organizational roles and responsibilities, and development and management of a professional IA workforce.
E3.3.3. A key enabler of the IA program is the DoD Component-level IA architecture. The IA architecture assigns IA roles and behavior to DoD Component IT assets, and prescribes rules for interaction and interconnection. This provides a
36 ENCLOSURE 3