Information Systems Security Manager (ISSM) - Marine Corps ...

More documents

Recommendations

Info

NAVSO P-5239-04SEPTEMBER 1995*Department of Defense Directive 5200.28, Security Requirements for AutomatedInformation Systems, Department of Defense, March 1988.This document provides the mandatory, minimum Information Security (INFOSEC)requirements for processing classified, sensitive unclassified, and unclassified information.The directive states that information in ISs shall be safeguarded at all times by computer,communication, administrative, personnel, operations, emanations, and physical securitymeasures. It emphasizes the importance of a life cycle management approach forimplementing computer security requirements.*Department of Defense Directive 5200.28-STD , Department of Defense Trusted ComputerSystem Evaluation Criteria, Department of Defense, December 1985.This document is also known as the "Orange Book" and "the Criteria," this directive providestechnical security requirements and evaluation methodologies for trusted computer systems.It provides a metric with which to evaluate the degree of trust that can be placed in acomputer system. This standard also serves as a basis for specifying security requirements incomputer system acquisition documentation.Department of Defense Instruction 5215.2 , Computer Security Technical VulnerabilityReporting Program (CSTVRP), 2 September 1986.This document establishes 1) CSTVRP under the direction of the National Security Agency,National Information Security Assessment Center (NISAC), 2) procedures for reporting alldemonstrable and repeatable technical vulnerabilities of Automated Information Systems (IS),3) procedures for the collection, consolidation, analysis, reporting or notification of generictechnical vulnerabilities and corrective measures in support of the DOD Computer Securityrequirements and 4) methodologies for dissemination of vulnerability information.Department of the NavySECNAV 5200.32A , Acquisition Management Policies and Procedures for ComputerResources, 03 May 1993.This document provides policy for acquiring Department of the Navy (DON) computerresources and establishing the internal management processes. It authorizes the promulgationof the Open System Interface Standards List (OSISL) and the Products Accepted List (PAL)in SECNAVNOTE 5200, Subj: Acquisition Management Policies and Procedures forComputer Resources, to facilitate the acquisition of computer resources in accordance withthis instruction.A-2
NAVSO P-5239-04SEPTEMBER 1995SECNAVINST 5231.1C , Life Cycle Management of Automated Information Systems withinthe Department of the Navy, 10 July 1992This document updates policy relative to Life Cycle Management (LCM) as the standarddiscipline for managing and obtaining approval for Information Systems (IS) projects asdefined by Department of Defense Directive ( DODD) 7920.1 "Life Cycle Management ofAutomated Information Systems (NOTAL)," 20 June 1988 and DODI 7920, "AutomatedInformation System Life Cycle Management Review and Milestone Approval Procedures(NOTAL)," 7 March 1990.*SECNAVINST 5239 .3, Department of the Navy Information Systems Security (INFOSEC)Program, Department of the Navy, July 1995.This document establishes the DON INFOSEC program within the Information Warfarediscipline. It defines the organizational responsibilities for implementing the securitydisciplines of Communications Security (COMSEC), Computer Security (COMPUSEC), andEmanations Security (TEMPEST) . This instruction provides the basic policy and guidelinesnecessary for consistent and effective application of resources in ensuring the security ofnational security systems and the security and privacy of DON systems/information under theComputer Security Act of 1987.*OPNAVINST 5239.1A , Department of the Navy Automated Data Processing SecurityProgram, Department of the Navy, August 1982.This document consolidates Navy policies on the security evaluation of ISs. The instructiondelineates the requirements and assigns roles and responsibilities for accreditation of ISs. Itprovides guidance for the risk assessment process and full accreditation requirements.OPNAVINST 5510.1H , Guidance for Marking and Handling Classified Material, 29 April1988.This document provides guidance for classifying and safeguarding classified information.Marine Corps Order P5510.14 , Marine Corps Automatic Data Processing (ADP) SecurityManual, 2 January 1981.This document provides centralized guidance and uniform policy on all known andrecognized aspects of ADP security. It also provides realistic guidance and generalizedprocedures to ensure that all sensitive defense information handled by automated systems isprotected against espionage, sabotage, fraud, misappropriation, misuse, or inadvertent ordeliberate compromise.Marine Corps Order 5271.1 , Information Resources Management (IRM) Standards andGuidelines Program, 10 June 1993.A-3
Page 1:
Department of the Navy NAVSO P-5239
Page 5: NAVSO P-5239-04SEPTEMBER 1995FOREWO
Page 8 and 9: NAVSO P-5239-04SEPTEMBER 1995TABLE
Page 10 and 11: NAVSO P-5239-04SEPTEMBER 1995· Sec
Page 12 and 13: NAVSO P-5239-04SEPTEMBER 1995techni
Page 14 and 15: NAVSO P-5239-04SEPTEMBER 1995ISEASS
Page 16 and 17: NAVSO P-5239-04SEPTEMBER 19953.0 IN
Page 18 and 19: NAVSO P-5239-04SEPTEMBER 1995· Sit
Page 20 and 21: NAVSO P-5239-04SEPTEMBER 1995the DO
Page 22 and 23: NAVSO P-5239-04SEPTEMBER 19953.2 Ri
Page 24 and 25: NAVSO P-5239-04SEPTEMBER 1995workin
Page 26 and 27: NAVSO P-5239-04SEPTEMBER 19953.3 Ac
Page 28 and 29: NAVSO P-5239-04SEPTEMBER 19953.4 Ad
Page 30 and 31: NAVSO P-5239-04SEPTEMBER 1995Virus
Page 32 and 33: NAVSO P-5239-04SEPTEMBER 19953.5 Tr
Page 34 and 35: NAVSO P-5239-04SEPTEMBER 1995- Expl
Page 36 and 37: NAVSO P-5239-04SEPTEMBER 19953.6 Ph
Page 38 and 39: NAVSO P-5239-04SEPTEMBER 1995· Eva
Page 40 and 41: NAVSO P-5239-04SEPTEMBER 19953.7 Au
Page 42 and 43: NAVSO P-5239-04SEPTEMBER 19953.8 In
Page 44 and 45: NAVSO P-5239-04SEPTEMBER 19953.9 Se
Page 46 and 47: NAVSO P-5239-04SEPTEMBER 19953.10 C
Page 48 and 49: NAVSO P-5239-04SEPTEMBER 19953.11 S
Page 50 and 51: NAVSO P-5239-04SEPTEMBER 199542
Page 52 and 53: NAVSO P-5239-04SEPTEMBER 1995update
Page 55: NAVSO P-5239-04SEPTEMBER 1995Securi
Page 59 and 60: NAVSO P-5239-04SEPTEMBER 1995This d
Page 61 and 62: NAVSO P-5239-04SEPTEMBER 1995NCSC-T
Page 63 and 64: NAVSO P-5239-04SEPTEMBER 1995NTISSP
Page 65 and 66: NAVSO P-5239-04SEPTEMBER 1995primar
show all

Information Systems Security Manager (ISSM) - Marine Corps ...

Create successful ePaper yourself

Delete template?

Save as template?