DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
DODI <strong>8500.2</strong>, February 6, 2003<br />
5.8. Each Designated Approving Authority, in addition to satisfying all<br />
responsibilities of an Authorized User, shall:<br />
5.8.1. Ensure that IA is incorporated as an element of <strong>DoD</strong> information system<br />
life-cycle management processes.<br />
5.8.2. For <strong>DoD</strong> information systems or enclaves under his or her purview,<br />
ensure that all IA-related positions are assigned in writing, include a statement of IA<br />
responsibilities, and that appointees to positions receive appropriate IA training.<br />
5.8.3. Ensure that all Information Assurance Managers (IAMs), in addition to<br />
meeting all access requirements specified in paragraph 4.8., <strong>DoD</strong> Directive 8500.1,<br />
(reference (a)), are U.S. citizens.<br />
5.8.4. Grant <strong>DoD</strong> information systems under his or her purview formal<br />
accreditation to operate according to the <strong>DoD</strong> IA certification and accreditation process<br />
(reference (h)).<br />
5.8.5. Ensure that IA-related events or configuration changes that may impact<br />
accreditation are reported to affected parties, such as Information Owners and DAAs of<br />
interconnected <strong>DoD</strong> information systems.<br />
5.9. Each IA Manager, in addition to satisfying all responsibilities of an Authorized<br />
User, shall:<br />
5.9.1. Develop and maintain an organization or <strong>DoD</strong> information system-level<br />
IA program that identifies IA architecture, IA requirements, IA objectives and policies; IA<br />
personnel; and IA processes and procedures.<br />
5.9.2. Ensure that information ownership responsibilities are established for<br />
each <strong>DoD</strong> information system, to include accountability, access approvals, and special<br />
handling requirements.<br />
5.9.3. Ensure the development and maintenance of IA certification<br />
documentation according to <strong>DoD</strong> <strong>Instruction</strong> 5200.40 (reference (n)) by reviewing and<br />
endorsing such documentation, and recommending action to the DAA.<br />
5.9.4. Maintain a repository for all IA certification and accreditation<br />
documentation and modifications.<br />
8