Information Systems Security Manager (ISSM) - Marine Corps ...

More documents

Recommendations

Info

NAVSO P-5239-04SEPTEMBER 1995National Security Telecommunications and Information Systems Security CommitteeNTISSD 500, Information Systems Security (INFOSEC) Education, Training, andAwareness, 25 February 1993.This document establishes the requirement for federal departments and agencies to developand/or implement Telecommunications and Automated Information Systems Security(TAISS) education and training programs and TAISS awareness activities.NTISSD 501, National Training Program for Information Systems Security (INFOSEC)Professionals, 16 November 1992.This document establishes the requirement for federal departments and agencies to implementtraining programs for INFOSEC professionals. For the purpose of the directive, an INFOSECprofessional is an individual who is responsible for the security oversight or management ofnational security systems during each phase of the life cycle.NTISSD 502, National Security Telecommunications and Automated Information SystemsSecurity, 5 February 1993.This document delineates and clarifies objectives, policies, procedures, standards , andterminology as set forth in the "National Policy for the Security of National SecurityTelecommunications and Information Systems," (National Security Decision 42) dated July1990.The National Security Decision 42 establishes the initial national objectives, policies, and anorganizational structure to guide the conduct of national activities directed towardsafeguarding, from exploitation, systems that process or communicate national securityinformation, and establishes a mechanism for policy development, and assigns responsibilitiesfor implementation.NTISSP 4, National Policy on Electronic Keying, 16 November 1992.This document declares that all U.S. Government departments and agencies shall establishand implement electronic keying programs with the objective of virtually eliminating, by2000, their dependence on paper-based/non electronic keying methods and with a goal ofimplementing benign keying where appropriate. Electronic keying shall be applied to allcryptographic processes related to national security systems. U.S. Government departmentsand agencies shall exchange electronic keying information freely, coordinate programs, andparticipate in consolidated programs wherever possible.A-8
NAVSO P-5239-04SEPTEMBER 1995NTISSP 200, National Policy on Controlled Access Protection, 15 July 1987.This document states that all automated information systems that are accessed by more thanone user, when those users do not have the same authorization to use all of the classified orsensitive unclassified information processed or maintained by the automated informationsystem, shall provide automated Controlled Access Protection for all classified and sensitiveunclassified information.Office of Management and BudgetOffice of Management and Budget Bulletin No. 90-08 , Guidance for Preparation ofSecurity Plans for Federal Computer Systems that Contain Sensitive Information, July 1990.This document provides guidance to Federal agencies on computer security planningactivities required by the Computer Security Act of 1987. It provides instructions and formatfor the preparation of system security plans.Office of Management and Budget Circular A-130 , Revised (Transmittal MemorandumNo. 2), Management of Federal Information Resources, Executive Office of the President,July 1994.This document establishes general policy for the management of Federal informationresources. Included in this circular is policy for the security of Federal ISs. The circularestablishes minimum controls for inclusion in INFOSEC programs and assignsresponsibilities for the security of ISs.This document provides detailed interim guidance to Navy program managers on how toaddress computer security requirements during the acquisition process.Naval Staff Office Publication 5239 ModulesPlanned Naval Staff Office Publication 5239 Modules (Note: the modules are not listed inpublication order. Modules that have been published are annotated as such.)*5239-01 Introduction to Information Systems Security (INFOSEC)This document provides a basic introduction to INFOSEC and summaries theDoN INFOSEC Program.*5239-02 Terms, Abbreviations, and AcronymsThis document lists and defines INFOSEC terms, acronyms, and abbreviationsthat have been standardized for use within the DoN.A-9
Page 1:
Department of the Navy NAVSO P-5239
Page 5:
NAVSO P-5239-04SEPTEMBER 1995FOREWO
Page 8 and 9:
NAVSO P-5239-04SEPTEMBER 1995TABLE
Page 10 and 11:
NAVSO P-5239-04SEPTEMBER 1995· Sec
Page 12 and 13: NAVSO P-5239-04SEPTEMBER 1995techni
Page 14 and 15: NAVSO P-5239-04SEPTEMBER 1995ISEASS
Page 16 and 17: NAVSO P-5239-04SEPTEMBER 19953.0 IN
Page 18 and 19: NAVSO P-5239-04SEPTEMBER 1995· Sit
Page 20 and 21: NAVSO P-5239-04SEPTEMBER 1995the DO
Page 22 and 23: NAVSO P-5239-04SEPTEMBER 19953.2 Ri
Page 24 and 25: NAVSO P-5239-04SEPTEMBER 1995workin
Page 26 and 27: NAVSO P-5239-04SEPTEMBER 19953.3 Ac
Page 28 and 29: NAVSO P-5239-04SEPTEMBER 19953.4 Ad
Page 30 and 31: NAVSO P-5239-04SEPTEMBER 1995Virus
Page 32 and 33: NAVSO P-5239-04SEPTEMBER 19953.5 Tr
Page 34 and 35: NAVSO P-5239-04SEPTEMBER 1995- Expl
Page 36 and 37: NAVSO P-5239-04SEPTEMBER 19953.6 Ph
Page 38 and 39: NAVSO P-5239-04SEPTEMBER 1995· Eva
Page 40 and 41: NAVSO P-5239-04SEPTEMBER 19953.7 Au
Page 42 and 43: NAVSO P-5239-04SEPTEMBER 19953.8 In
Page 44 and 45: NAVSO P-5239-04SEPTEMBER 19953.9 Se
Page 46 and 47: NAVSO P-5239-04SEPTEMBER 19953.10 C
Page 48 and 49: NAVSO P-5239-04SEPTEMBER 19953.11 S
Page 50 and 51: NAVSO P-5239-04SEPTEMBER 199542
Page 52 and 53: NAVSO P-5239-04SEPTEMBER 1995update
Page 55 and 56: NAVSO P-5239-04SEPTEMBER 1995Securi
Page 57 and 58: NAVSO P-5239-04SEPTEMBER 1995SECNAV
Page 59 and 60: NAVSO P-5239-04SEPTEMBER 1995This d
Page 61: NAVSO P-5239-04SEPTEMBER 1995NCSC-T
Page 65 and 66: NAVSO P-5239-04SEPTEMBER 1995primar
show all

Information Systems Security Manager (ISSM) - Marine Corps ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?