DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
DODI <strong>8500.2</strong>, February 6, 2003<br />
Table E4.T3. Operating Environment Summary by Confidentiality Level<br />
Confidentiality Level Internal System Exposure External System Exposure<br />
High (Systems<br />
Processing Classified<br />
Information)<br />
Medium (Systems<br />
Processing Sensitive<br />
Information<br />
Basic (Systems<br />
Processing Public<br />
Information)<br />
• Each user has a clearance for all<br />
information processed, stored or<br />
transmitted by the system.<br />
• Each user has access approval<br />
for all information stored or<br />
transmitted by the system.<br />
• Each user is granted access<br />
only to information for which the<br />
user has a valid need-to-know.<br />
• Each user has access approval<br />
for all information stored or<br />
transmitted by the system.<br />
• Each user is granted access<br />
only to information for which the<br />
user has a valid need-to-know.<br />
• Each IT user meets security<br />
criteria commensurate with the<br />
duties of the position.<br />
• Each user has access approval<br />
for all information stored or<br />
transmitted by the system.<br />
• Each IT user meets security<br />
criteria commensurate with the<br />
duties of the position.<br />
• System complies with <strong>DoD</strong>D C-5200.5<br />
(reference (aj)) requirements for physical or<br />
cryptographic isolation.<br />
• All Internet access is prohibited.<br />
• All enclave interconnections with enclaves<br />
in the same security domain require<br />
boundary protection (e.g., firewalls, IDS, and<br />
a DMZ).<br />
• All enclave interconnections with enclaves<br />
in a different security domain require a<br />
controlled interface.<br />
• All interconnections undergo a security<br />
review and approval.<br />
• All non-<strong>DoD</strong> network access (e.g., Internet)<br />
is managed through a central access point<br />
with boundary protections (e.g., a DMZ).<br />
• All enclave interconnections with enclaves<br />
in the same security domain require<br />
boundary protection (e.g., firewalls, IDS, and<br />
a DMZ).<br />
• All remote user access is managed<br />
through a central access point.<br />
• All interconnections undergo a security<br />
review and approval.<br />
• N/A as the purpose of system is providing<br />
publicly released information to the public.<br />
E4.1.8. Internal and external system exposure are often assigned levels of High,<br />
Medium, and Low. The combined levels of internal and external system exposure may<br />
be referred to as total system exposure. Total system exposure is a general indicator<br />
of risk, and is the inverse of a system's operating environment robustness, a term used in<br />
U.S. Government protection profiles. Table E4.T4., below, outlines the total system<br />
exposure and operating environment robustness of <strong>DoD</strong> information systems that are<br />
compliant with the baseline IA controls for confidentiality:<br />
52 ENCLOSURE 4