DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
DODI <strong>8500.2</strong>, February 6, 2003<br />
5.7.1.3. Assign mission assurance categories to <strong>DoD</strong> Component-specific<br />
<strong>DoD</strong> information systems according to the guidelines provided in enclosure 4 of this<br />
<strong>Instruction</strong>.<br />
5.7.2. Ensure that IA requirements are addressed and visible in all investment<br />
portfolios and investment programs incorporating <strong>DoD</strong> information systems.<br />
5.7.3. Ensure that ISSE is employed in the acquisition of all automated<br />
information system (AIS) applications under their responsibility.<br />
5.7.4. Ensure <strong>DoD</strong> information systems acquire and employ IA solutions in<br />
accordance with enclosures 3 and 4 of this <strong>Instruction</strong>.<br />
5.7.5. Appoint DAAs according to <strong>DoD</strong> Directive 8500.1 (reference (a)) and<br />
ensure they accredit each <strong>DoD</strong> information system according to the <strong>DoD</strong> <strong>Instruction</strong><br />
5200.40 (reference (n)).<br />
5.7.6. Share research and technology, techniques, and lessons learned relating<br />
to IA with other <strong>DoD</strong> Components and the DIAP office.<br />
5.7.7. Ensure that IA awareness, training, education, and professionalization are<br />
provided to all military and civilian personnel, including contractors, commensurate with<br />
their respective responsibilities for developing, using, operating, administering,<br />
maintaining, and retiring <strong>DoD</strong> information systems in accordance with Deputy Secretary<br />
of Defense guidance (references (o) and (p)).<br />
5.7.8. Provide for an IA monitoring and testing capability according to <strong>DoD</strong><br />
Directive 4640.6 (reference (q)) and applicable laws and regulations.<br />
5.7.9. Provide for vulnerability mitigation and an incident response and<br />
reporting capability to:<br />
5.7.9.1. Comply with <strong>DoD</strong>-directed mitigations in vulnerability alerts and<br />
provide support to computer network defense, as directed in <strong>DoD</strong> <strong>Instruction</strong> O-8530.2<br />
(reference (h)).<br />
incident.<br />
5.7.9.2. Limit damage and restore effective service following a computer<br />
6