Army Internet-Based Training: Public Key Infrastructure And Information Security Requirements
|
|
- Valerie Lyons
- 8 years ago
- Views:
Transcription
1 Army Internet-Based Training: Public Key Infrastructure And Information Security Requirements Major Alan L. Gunnerson United States Army Distributed Learning Program (TADLP) Fort Monroe, Virginia MBA Information Technology Student, University of Dallas, Irving, Texas Abstract: The Department of Defense s mandate of a public key infrastructure (PKI) will have an impact on the Army s Distributed Learning Program (TADLP). The Army s Executive Agent for the PKI/Common Access Card (CAC) is the office of the Secure Electronic Transactions-Devices; which has established the program to field the Army s PKI/CAC/digital certificate devices through TADLP is the Army s program to provide standard distributed individual, collective, and self-development training to all Army soldiers anywhere in the world - whether at home using their personal computer, at work using their office computer, on travel, or deployed in the field. Distributed learning in the information age has unleashed the potential to transform Army training, providing the Army with a capability for obtaining the state of readiness necessary to accomplish the Army mission. This paper describes each program and the additional security impacts of the PKI/CAC program on the Army s Distributed Learning Program. 1. References Army Training Division, National Guard Bureau (NGB) (2002). Army National Guard Distributed Learning Guide, Version 1c. Department of Defense (DOD) Directive (1988). Security Requirements for Automated Information Systems. DOD Instruction (1997). DOD Information Technology Security Certification and Accreditation Process (DITSCAP). DOD Public Key Infrastructure Program Management Office (DOD PKI PMO) (2000). Public Key Infrastructure Roadmap for the Department of Defense Version 5.0. DOD Public PKI PMO (2002). X.509 Certificate Policy for the Department of Defense Version 6.0. Mulrine, Anna. USNews.com article. (Special Report: E-Learning October 28, 2002). Online Ed: It s in the Army now: A popular new program allows soldiers to study at home and abroad. New, William. (2002). Broadband Guardians. GovExec.com. Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (OASD C3I) Memorandum (2002, January 30). Subject: Army Knowledge Online (AKO). OASD C3I Memorandum (2002, May 21). Subject: Public Key Infrastructure (PKI) Policy Update. OASD C3I Memorandum (1996, January 4). Subject: Uniformed Badge System for the Department of Defense. OASD C3I Message (291900Z July 2002). SUBJECT: UNCLAS ALARACT 0077/2002, Update for Implementation of Public Key Infrastructure and Common Access Card and the Public Key Enabling of Applications, Web Servers, and Networks in the Department of the Army. Program Manager, Secure Electronic Transactions-Devices (PM SET-D) website: United States Army Training and Doctrine Command (USA TRADOC) Deputy Chief of Staff for Training (DCST) Training Development and Analysis Directorate (TDAD). (2001). The Army Distance Learning Program Campaign Plan USA TRADOC DCST TDAD Memorandum (2001, June 26). Subject: Learning Management System. United States General Accounting Office (2002). NATIONAL GUARD: Effective Management Processes Needed for Wide-Area Network. Report to Congressional Committees. United States House of Representatives Report Number , Making Federal Computers Secure: Overseeing Effective Information Security Management, Third Report by the Committee of Government Reform. Wisher, Robert A.; Champagne, Matthew V.; Pawluk, Jennifer L.; Eaton, Angela; Thornton, David M.; Curnow, Christina K.; & Moses, Franklin L. (1999). Army Research Institute Technical Report Training Through Distance Learning: An Assessment of Research Findings.
2 2. Overview In an alarming report released on November 18, , the U.S. Congressional Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations flunked 16 federal agencies on their computer security efforts, while giving barely passing grades to a host of other agencies. In his opening remarks upon presenting the annual computer security report card, Subcommittee Chairman Representative Stephen Horn (R-CA) stated, "It is disappointing to announce that the federal government has received a failing grade on its security efforts." The subcommittee began grading 24 major executive branch departments of the U.S. government last year after the 106 th Congress passed the Government Information Security Reform Act of 2000, which requires federal agencies to establish agency wide computer security programs that protect the systems that support their missions. Critical agencies such as the DOD, Department of Transportation, Department of Health and Human Services, and Department of Energy, as well as the Nuclear Regulatory Commission, all received "F's," a failing grade. Representative Horn continued, "All of us in Congress are well aware that the nation is in a state of war. It is not anyone's intention to place this great land at further risk of attack. It is, however, very important that the new administration take heed of the sobering assessment the subcommittee is providing and work to expeditiously address this most important need." The major findings within the report included: Agencies are not conducting periodic risk assessments. Federal computer systems have significant and pervasive weaknesses in their security controls. Federal information technology systems rely on commercial software that is vulnerable to attack. Agencies Capital Planning and Investment Control processes do not include information technology security. Congress does not have consistent and timely access to the information it needs to fulfill its oversight responsibilities for Federal information security and related budget deliberations. 2.1 Common Access Card (CAC)/Public Key Infrastructure (PKI) As part of the GISRA, DOD developed a Key Management Infrastructure (KMI) to provide engineered solutions (consisting of products and services) for security of networked computer-based systems and is part of the part of the Defense-in-Depth strategy to achieve information superiority by protecting vital information. Programs which carry out or support the mission of the US DOD require services such as authentication, confidentiality, technical non-repudiation, and access control. These services are met with an array of network security components such as workstations, guards, firewalls, routers, in-line network encryptors (INE), and trusted database servers. The operation of these components is supported and complemented by use of public key cryptography. 2 The National Security Agency (NSA) has the responsibility for the management of the DOD PKI Program Management Office (PKI PMO) as designated by the OASD C3I and the DOD CIO. NSA provides the system security assessments in support of the PKI PMO to include the Defense Eligibility Enrollment Reporting System (DEERS) and Real-time Automated Personnel Identification System (RAPIDS) infrastructure used to issue CACs (which will function as PKI tokens). 3 PKI also provides authentication, confidentiality, integrity, and non-repudiation needed to migrate business operations to a paperless environment. PKI is being implemented in conjunction with CAC, the first Departmentwide implementation of smart cards. 4 The Army s Executive Agent (AEA) for the CAC/PKI is the office of SET -D; which has established the program to field the Army s CAC/PKI/digital certificate devices through [1] US House of Representatives, Report Number , Making Federal Computers Secure: Overseeing Effective Information Security Management, Third Report by the Committee of Government Reform. [2] DOD PKI PMO. (31 May 2002). X.509 Certificate Policy for the United States Department of Defense Version 6.0. Page 1. [3] The CAC is being issued at only the RAPID-installed sites and is only available as generated by the RAPIDS. [4] HQDA Message, Office Symbol SAIS-ZA. (291900Z July 2002). SUBJECT: UNCLAS ALARACT 0077/2002, Update for Implementation of Public Key Infrastructure and Common Access Card and the Public Key Enabling of Applications, Web Servers, and Networks in the Department of the Army. The Army CIO/G-6 released this HQDA message to provide immediate guidance to all Army units and activities concerning the implementation of the Army PKI/CAC program.
3 The CAC will serve as the: Standard identification card for active-duty military personnel, members of the Selected Reserve, Army civilian employees, and eligible contractor personnel; Principal card used to enable physical access to Army facilities, installations, and controlled spaces 1 ; Principal card used to enable computer network and system access via digital signature and data encryption; and Primary PKI token platform for Class 3 certificates. 2.2 The Army Distributed Learning Program (TADLP) A marked shift in military training is underway. Today, many aspects of training and education are carried out via distributed learning (DL), essentially synonymous with distance learning, and the potential for DL to support soldiers will significantly increase in the future. DL is defined as the delivery of training to soldiers and units through the application of multiple means of technology. The amount and kind of training appropriate for DL application will be determined by the tasks to be trained. DL allows students, leaders, and units centralized access to essential information and training. DL in the information age has unleashed the potential to transform Army training, providing the Army with a capability for obtaining the state of readiness necessary to accomplish the Army mission. In 1996, General Reimer, the Chief of Staff, Army approved TADLP for implementation and appointed the Commanding General, TRADOC as the AEA. The program was designated an Acquisition Category (ACAT) I-AC and was implemented through the Major Automated Information System Review Council process in accordance with DOD Regulation R and Army Regulation TADLP is funded FY98-FY10 to field Digital Training Facilities (DTFs) and convert TRADOC courses to DL delivery media. TADLP is the Army s program to provide standard distributed individual, collective, and self-development training to all Army soldiers (Active, Reserve and National Guard) anywhere in the world - whether at home using their personal computer, at work using their office computer, on travel, or deployed in the field. The mission of TADLP is to improve readiness and training and support Army Transformation. TADLP supports this mission by exploiting current and emerging technologies, delivering the right training to the right soldier, at the right time and place. 2 TADLP is an integral part of the DOD Advanced Distributed Learning (ADL) initiative, which is setting standards for courseware collaboration, development, and content reuse across the DOD. For the purpose of this paper, TADLP consists of the following elements: The Army Distributed Learning Program (TADLP) - Redesigned courseware for DL delivery, acquisition and sustainment of DTFs, Classroom XXI upgrade initiative, acquisition and sustainment of the Army Learning Management System (LMS), and Deployable Training Campus. The Army National Guard s Distributive Training Technology Project (DTTP) - Redesigned courseware for DL delivery and Acquisition and sustainment of Digital Training Facilities (DTFs). Reserve Education and Learning (REAL) program Homeland Defense ADL SmartForce E-Learning As part of the TADLP Campaign Plan, approximately 525 Army courses are programmed for DL redesign between FY98 through FY10. Course media includes web-based, computer-based training (CBT), simulations, video teletraining (VTT) and audio-conferencing. The Project Manager, Distributed Learning Systems (PM DLS), has the responsibility to field the Army and Army Reserve DTFs and fielding the Army s LMS. The combined requirements of TADLP and the ARNG include approximately 850 TADLP/DTTP facilities worldwide based on distributed training requirements and soldier demographics. The fielding of the DTFs will put 95% of all soldiers within 50 miles or 90 minutes in driving time of a DTF by 4 th Quarter FY06. The ultimate goal is to bring training from the schoolhouse to wherever soldiers are located - in their homes, in their units, and to soldiers anywhere in the world. All of this while decreasing the number of days a soldier has to be away from their unit or family. [1] In accordance with the OASD C3I memorandum of January 4, 1996, Subject: Uniformed Badge System for the Department of Defense, the magnetic stripe on the CAC is to comply with the Security Equipment Integration Working Group Specification 012 for the ordering of magnetic stripe information for badging and access control systems. [2] USA TRADOC DCST TDAD. The Army Distance Learning Program Campaign Plan 2001 (21 August 2001). The Army DL Program became The Army Distributed Learning Program in 2002.
4 The LMS is an outgrowth of the need for an integrated system - automated whenever possible - to perform learning management functions (i.e. registration, enrollment, scheduling, student progress, etc.) for both resident and DL training/education instruction for Army civilian and military personnel. 1 The LMS will enable soldiers to register for self-paced courses, distribute on-line courseware, test and evaluate soldiers, enable Training NCOs to schedule events & resources, enable soldiers to evaluate training courses, facilitate on-line collaboration, provide course management tools for, and provide and maintain product and course catalogs.the Classroom XXI upgrade initiative will modernize 270 TRADOC schoolhouse resident classrooms with an open architecture, standards compliant, and fully networked multimedia infrastructure. The Classroom XXI classrooms are being used by the proponent school for resident training, as well as, acting as the front-end for distributed training in DTFs worldwide. The Deployable Training Campus, although still a proof of concept, has delivered DL-formatted military training, civilian education, and morale and welfare to soldiers deployed in the Sinai, Bosnia, Kosovo, and Hungary, as well as stationed in Germany. 2.3 earmyu Program Although the earmyu program falls outside of TADLP, it does fall under the oversight of the DL General Officer Steering Committee (DL GOSC) and therefore will be included in this paper. The US Army has created one of the most innovative programs of higher education in the world Army University Access Online (known as earmyu). EArmyU provides access to quality education for enlisted soldiers across the globe, helping them further their professional and personal goals and providing the Army with top preparation for its forces. 2 earmyu brings together a unique collaboration of colleges and universities offering a broad range of educational opportunities. earmyu offers approximately 116 programs from 21 different educational institutions. Through earmyu, soldiers have the opportunity to earn a certificate, associate, bachelor or master s degree from a home institution while taking courses from mu ltiple colleges and universities. It enrolls 31,000 soldier students, more than 5 percent of the Army's ranks, and is on track to expand to additional sites, reaching 80,000 enlistees by EArmyU provides soldiers with the tools they need to succeed in the online environment. Once enrolled, soldiers receive up to $4,500 per year for tuition, books and course fees, as well as a personal laptop, printer, account, an Internet Service Provider (ISP) account (Fiberlink), and a user ID and password. The user ID and password gives them access to their classes and additional student services, such as online tutoring assistance, access to an electronic library, software downloads, program mentoring services, and technical support from a 24/7 online help-desk. 3. Scope of Programs 3.1 Common Access Card (CAC)/Public Key Infrastructure (PKI) [The Army] Public Key encryption (PKE) guidance applies to all DA systems and networks, including networklevel applications, automated information systems, web server-level applications, and client software-level applications. It does not apply to the intelligence community sensitive compartmented information (SCI) and information systems operated within the DOD intelligence community that fall under the authority of the Director of Central Intelligence, or to users or applications on encrypted networks or in the tactical environment. Until policy is published for PKI in these environments, Army application requirements for those environments will be handled on a case-by-case basis. The guidance does not apply to any unclassified Army web server providing non-sensitive, publicly releasable information categorized as a private web server solely because it limits access to preserve copyright protection of information sources, facilitate its own development, or limit access to link(s) to limited access site(s). [1] ATTG-CF Memorandum, dated 26 June 01. SUBJECT: Army Learning Management System Update. This memorandum provides update to the Army concerning the Army s LMS, being developed and fielded by the PM, DLS. [2] Information on earmyu. Website located at [3] Mulrine, Anna. USNews.com article. (Special Report: E-Learning 10/28/02). Online Ed: It s in the Army now: A popular new program allows soldiers to study at home and abroad.
5 Applications that do not use or require the use of public key cryptography are not required to be enabled for the DOD PKI. However, applications that will benefit from the use of public key cryptography should be considered for inclusion if warranted by business case analysis CAC Implementation The CAC will be issued to eligible recipients by October The CAC will replace the eligible recipient s current Uniformed Services identification card for the same status whenever that card expires, is lost or stolen, or upon direction of local the command. All existing smart card implementations will migrate to the CAC by October Additionally, all applications using the barcode on the personnel identification card will migrate to the CAC by June Current Army guidance concerning the use of the CAC as the principal card to enable physical access does not require Army components to dismantle current access systems and it does not preclude the continued use of supplemental badging systems that are considered necessary to provide levels of security not presently afforded by the CAC. However, Army activities are to plan for migration to the next -generation CAC for general access control using any of the CAC's present or future access control capabilities. Under the DOD Common Access Card policy dated April 18, 2002, Those DOD Components currently using smart cards and smart card applications related to personnel are directed to migrate those card applications to the CAC no later 30 September, Issuance of the CAC will be conducted using the existing and planned infrastructure provided by DEERS/RAPIDS. Functions within the CAC include: Barcode for Functional Applications. Examples - Army Food Management Information System and US Air Force Military Immunization Tracking System Integrated Circuit Chip Location - SET-D Certificates and future space for other functional and service applications Magnetic Stripe - Proposed use for building and facility access and ATM access (latter Navy only) Medical Data: Shows the blood type and organ donor status Barcode for Personnel Data The certificates contained on the CAC will be issued against the users' Army Knowledge Online (AKO) accounts. All Army personnel, whether military or civilian, are required to have AKO account with an AKO address. AKO is moving to be the single point of entry into the Army s robust and scalable knowledge management system. Within the next couple of years, Army websites will utilize this single point of entry or the PKI certificates on the individuals CAC or both. 3 Teleworkers will require CAC readers on their telework computers if they access PK-enabled DOD networks and systems or send encrypted or digitally signed s from their telework location. Teleworkers qualify for PM SET-D centrally procured readers if they are regular and recurring teleworkers. Installations should submit any additional CAC reader requirements through their Major Commands to the PM SET-D. Major Commands are responsible for the cost of installing the reader/middleware for teleworkers. Ad hoc teleworkers will not qualify for PM SET D-procured readers, but local installations may choose to purchase CAC readers for them if there is a need for CAC functionality from an alternate worksite. 4 Current prices of CAC readers and middleware are included later in this paper. Teleworkers within this definition do not include personnel on travel or temporary duty. Further definition of telework is provided within DOD Directive , dated September 9, Eligible contractors who work at onsite DA facilities qualify for PM SET-D-procured CAC readers. Eligible contractors who work at offsite contractor facilities do not qualify for PM SET -D-procured readers. Army organizations may reimburse contractors for the purchase of CAC readers if there are provisions in their contract for reimbursable expenses. [1] HQDA Message, Office Sy mbol SAIS-ZA. (291900Z July 2002), op. cit., Section 1 of 5. [2] OSD Memorandum. (April 18, 2002). Subject: Common Access Card Changes. Page 3, paragraph 1. [3] SAIS-EIT Memorandum, dated January 30, Subject: Army Knowledge Online (AKO). [4] HQDA Message, Office Symbol SAIS-ZA. (291900Z July 2002), op. cit. section 2 of 5.
6 3.1.2 PKI Implementation The CAC is the official, standard implementation of class 3 PKI within the Department of the Army (DA), and all eligible Army users shall be issued Class 3 certificates on the CAC by October 2003 in compliance with the X.509 Certificate Policy. By October 2003, the DOD Class 3 PKI signing certificates will be used to digitally sign messages that are created and sent from any DA electronic mail system other than the Defense Message System (DMS). All messages created and sent from any DA system (other than DMS) will require encryption using the CAC encryption certificates. All new procurement actions that require public key cryptography will include in the solicitation process the requirement to use the DOD Class 3 PKI certificates no later than October Similarly, all Army initiatives that currently use public key cryptography must migrate to use DOD Class 3 PKI certificates by October Legacy systems targeted for replacement within 5 years that currently use non-dod Class 3 PKI will not migrate to the DOD Class 3 PKI infrastructure unless the migration is required to maintain current system interfaces. Army unclassified networks that authenticate users will be PK-enabled for client authentication by October 2003, conditional with (1) the availability of commercial certificate-based access control applications compatible with the network operating system and (2) the issuance of access control application-compatible certificates to all network users. 3.2 TADLP The DL program currently includes DA military and civilian training/education: Military Occupational Specialty (MOS) qualification courses; Additional Skill Identifier (ASI) and Skill Qualification Identifier (SQI) courses; reclassification courses; officer functional area and branch qualification courses; warrant officer technical certification; professional military education courses for officer (OES), warrant officer (WOES) and Noncommissioned Officer (NCOES); and functional training education courses which can be delivered via DL. The Enterprise Management Center (EMC), located at Fort Eustis, Virginia, manages this DTF information network. The EMC provides network connectivity and systems management for DTFs throughout the world via a 24/7 technical help desk. The EMC also ensures total information security. At each Active Army and USAR DTF is located a NetFortress network security device. The NetFortress provides high speed point to point encryption securing all communications within a single network and creation of a Virtual Private Networks and utilizes the highest levels of encryption technology to secure the integrity and confidentiality of your communications. The overall TADLP DTF system architecture is accredited in accordance with DOD and Army information security policies. 1 Each DTF is accredited to the Sensitive but Unclassified (SBU) level. Each DTF has security policies and procedures and is maintained by a DTF Manager that has the responsibility for overall security of the information and facility. 3.3 Distributive Training Technology Project (DTTP) Per the DTTP website 2, DTTP is a state-of-the-art communications and learning-delivery system designed to support the National Guard's traditional and expanding missions at home and abroad. Using DTTP resources, soldiers can now study foreign languages and improve skills in reading, writing, critical thinking, and information technology. There are more than 300 specially designed multimedia classrooms throughout the country, linked by a terrestrial network and emerging satellite technologies. DTTP classrooms consist of various hardware and software components that support the delivery of training and the exchange of knowledge across the country. Components are included from GuardNet XXI and the Integrated Information System. GuardNet XXI is the NGB s Asynchronous Transfer Mode (ATM) telecommunications network that supports DTTP as well as a number of Army National Guard enterprise management programs. According to William New of the National Journal in his article Broadband Guardians, GuardNet XXI operates on a broadband network that [1] DOD Instruction : DOD Information Technology Security Certification and Accreditation Process (DITSCAP), (Dec. 30, 1997); DOD Directive (DODD): Security Requirements for Automated Information Systems (DODD , Mar. 21, 1988); Army Regulation : Information Systems Security (Feb. 27, 1998); and Army Regulation [2] DTTP website is located at tp.ngb.army.mil/
7 was developed by a not-for-profit entity called the Community Learning and Information Network, or CLIN. Launched under a slightly different name in 1991 as a $500,000 project of the U.S. Chamber of Commerce, CLIN initially received funding from the Defense Advanced Research Projects Agency. Today, the National Guard is the primary user of CLIN's technology. 1 The existing GuardNet XXI infrastructure consists of seven regional hubs, 54 State Area Commands (STARCs), and classroom servers. Each GuardNet XXI regional hub serves a predefined geographical region of the United States. In each state, a STARC level node functions as an ATM switching center between that state s classroom server(s) and the corresponding regional hub. 2 DTTP is administered through the Integrated Information System (IIS), a system of hardware and software that provides classroom capabilities to support readiness training and shared use. The IIS is centrally managed yet allo ws sites to operate independently at the classroom level. It provides users with access to all network content and services and maintains a repository of content (i.e., courses and information) at the national level. When users request content, the IIS downloads the specific content to their local servers. 4. CAC/PKI/PKE Impact on DL Programs The largest impact to the DL programs is with the PKI requirement. All four major DL programs will have systems that must be PK-enabled to use identity certificates for user authentication and logon. Every workstation used to access DL programs will be required to have a functional smart card reader. 4.1 TADLP In coordination with TRADOC, the Army Training Support Center (ATSC) requested a study be conducted by the Army Research Institute to identify various forms of training compromise, such as obtaining questions beforehand or enlisting a proxy for test taking in non-proctored, web-based learning environments. The request stated that there is no definitive evidence that such training compromise is currently a problem in the Army, but greater use of distributed learning in the future coupled with reported trends of high levels of cheating among high school students, the Army s prime enlistment pool, is reason for concern. The study examined potential solutions, such as proctored test environments and biometric measures, recommended by a group of experts during a workshop hosted by Carnegie Mellon University. 3 The method of the study looked at solutions to training compromise from experts in the areas of test security practices, training design considerations, PKI, biometrics, and legal perspectives. Experts presented potential solutions to training compromise at a one-day workshop. The workshop was followed by a brainstorming session during which the 31 invited participants from government, academia, and industry generated 40 potential solutions. An Army advisory panel assessed the solutions based on cost, feasibility of implementation, ease of use, reliability and accuracy, then developed a final list of recommended solutions. The panel stated in their findings and recommendations, using affirmative obligations; live and virtual proctoring; multimodal biometrics and/or biographical information integrated into course design; implementing PKI to limit inappropriate access to courseware and tests; and considering test designs such as randomizing items, performance testing, time limits, limiting testing attempts, using no print/capture options, and tracking where test takers have been online. The recommendations are meant to function as general guidelines for solutions to training compromise. The usefulness of implementing any particular set of solutions is in large part dependent on the criticality of the train ing and testing under consideration. 4 Specifically speaking to PKI recommendations, the panel stated, PKI could be adopted in Army training as it is adopted Army -wide. Implementing PKI in training could provide the added benefit of creating ready access to a career management account that could be used as a transcript to document a soldier s education. This recommendation is not likely to be implemented in the short term, as it does rely on a change to the current infrastructure. 5 [1] New, William. (July 23, 2002). Broadband Guardians. GovExec.com. [2] GAO. (September 2002). NATIONAL GUARD: Effective Management Processes Needed for Wide-Area Network. [3] Army Research Institute. (June 2002). Study Report : Training on the Web: Identifying and Authenticating Learners. [4] Ibid, p. vii. [5] Ibid., p. 24
8 In speaking to the PM, DLS Security Officer, Tim Donahue, he stated the impact for the DTFs was negligible: 1 PM, DLS coordinated with PM SET-D to preposition current and future requirements for the CAC reader and required middleware for every seat within TADLP DTFs world wide - a total of 5,405 available seats. Concerning the digital signature requirement, the impact is also negligible since the DTFs do not allow exchange on the DTF computers. The DTF manager does have a computer that will be required to be PK-enabled. Current DTF security policy requires students to receive a local user ID and password that is at least 8 alpha-numeric characters. The students will use this local user ID and password while they are attending a DL course within the DTF. With the future PKE requirements, local domains and local user ID and passwords will not be supported. PK-enabling will include replacing existing or creating a new user authentication system that uses personal digital certificates instead of other technologies such as username/password or IP filtering. The Army is currently working on developing a PKE Waiver Policy that will establish the process by which a Command can submit an application for a waiver from the PKE requirement. This waiver may include issuing for varying lengths of time, and will require the application owners to develop a plan for how they will PK-enable their application in the future. TADLP is most impacted with personnel taking training courses from their home. Home computers will not come equipped with smart card readers or middleware and there is no plan to provide these items to users for their home computers. Part of the TADLP mission includes providing military training to the soldier wherever he or she is located, which does include attending DL courses from their home. A soldier is not expected to purchase their own CAC reader and middleware to attend a military DL course or an affiliated civilian education course. A policy must be developed to accommodate home computers used for DL training. 4.2 DTTP DTTP is impacted since its envisioned future includes shared use by industry, academia, and the general public. These external groups are not eligible to receive the CAC or its associated PKI certificates and will not be able to log on to networks or web servers. In addition, the Fiscal Year 2002 Defense Authorization act required the Government Accounting Office (GAO) to review GuardNet, which is used to support various Defense applications and was used to support homeland security activities after 9/11. GAO was asked to determine the current and potential requirements for GuardNet and the effectiveness of the processes for managing the network s requirements, configuration, and security. The GAO found deficiencies in requirements (requirements management plan not established), configuration (documentation of actual network configuration), and security (insufficient security controls to protect GuardNet). 2 The PKI requirement will compound correcting these deficiencies. 5. Conclusion The Army s implementation of DOD s PKI will impact information technology procedures throughout the Army, not just in DL programs. The PKI/CAC concept will change how the Army works on the internet and how it exchanges information. SET -D was established to field the Army s portion of the PKI/CAC/digital certificate devices but it falls short on the amount needed for the entire Army that includes soldiers and civilians taking DL training/education courses while at home or on temporary duty. Commands are required to program funding for additional CAC readers and middleware as well as the needed digital certificates for these situations. The PKI/CAC infrastructure will help in the some of the deficiencies noted within the Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations report on the US government s computer security vulnerabilities. PKI/CAC/digital certificates are only part of the DOD s computer security defense-in-depth. The level of impact to Distributed Learning programs is dependent on each agencies security policies and procedures. [1] Personal communication between Tim Donahue and author, December 20, 2002, via personal interview. [2] GAO. (September 2002), op. cit.
Department of Defense INSTRUCTION. SUBJECT: Public Key Infrastructure (PKI) and Public Key (PK) Enabling
Department of Defense INSTRUCTION NUMBER 8520.2 April 1, 2004 SUBJECT: Public Key Infrastructure (PKI) and Public Key (PK) Enabling ASD(NII) References: (a) DoD Directive 8500.1, "Information Assurance
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 1000.13 January 23, 2014 USD(P&R) SUBJECT: Identification (ID) Cards for Members of the Uniformed Services, Their Dependents, and Other Eligible Individuals References:
More information2. APPLICABILITY AND SCOPE
Department of Defense DIRECTIVE NUMBER 1000.25 July 19, 2004 Certified Current as of April 23, 2007 USD(P&R) SUBJECT: DoD Personnel Identity Protection (PIP) Program References: (a) DoD Directive 1000.22,
More informationFrequently Asked Questions
Frequently Asked Questions Naval VAMOSC Public Key Infrastructure/ Common Access Card (PKI/CAC) Registration and Log in Please Note: A PKI-enabled browser is required for certificate registration and to
More informationFrequently Asked Questions (FAQs) SIPRNet Hardware Token
Air Force Public Key Infrastructure System Program Office (ESC/HNCDP) Phone: 210-925-2562 / DSN: 945-2562 Web: https://afpki.lackland.af.mil Frequently Asked Questions (FAQs) SIPRNet Hardware Token Updated:
More information2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.
Purpose and Scope The purpose of this policy is to define the roles and responsibilities on implementing the Homeland Security Presidential Directive 12 (HSPD-12) Logical Access Control (LAC) throughout
More informationNOAA HSPD-12 PIV-II Implementation October 23, 2007. Who is responsible for implementation of HSPD-12 PIV-II?
NOAA HSPD-12 PIV-II Implementation What is HSPD-12? Homeland Security Presidential Directive 12 (HSPD-12) is a Presidential requirement signed on August 27, 2004 requiring Federal agencies comply with
More informationAPPENDIX J INFORMATION TECHNOLOGY MANAGEMENT GOALS
APPENDIX J INFORMATION TECHNOLOGY MANAGEMENT GOALS Section 5123 of the Clinger-Cohen Act requires that the Department establish goals for improving the efficiency and effectiveness of agency operations
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 1322.19 March 14, 2013 USD(P&R) SUBJECT: Voluntary Education Programs in Overseas Areas References: See Enclosure 1. 1. PURPOSE. This instruction: a. Reissues DoD
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 5105.77 October 30, 2015 DCMO SUBJECT: National Guard Bureau (NGB) References: See Enclosure 1 1. PURPOSE. Pursuant to the authority vested in the Secretary of Defense
More informationDepartment of Defense PKI Use Case/Experiences
UNCLASSIFIED//FOR OFFICIAL USE ONLY Department of Defense PKI Use Case/Experiences PKI IMPLEMENTATION WORKSHOP Debbie Mitchell DoD PKI PMO dmmitc3@missi.ncsc.mil UNCLASSIFIED//FOR OFFICIAL USE ONLY Current
More informationTITLE III INFORMATION SECURITY
H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 4630.09 July 15, 2015 DoD CIO SUBJECT: Communication Waveform Management and Standardization References: See Enclosure 1 1. PURPOSE. This instruction: a. Reissues
More informationDepartment of Defense INSTRUCTION. DoD Information Assurance Scholarship Program
Department of Defense INSTRUCTION NUMBER 8145.01 January 17, 2012 DoD CIO SUBJECT: DoD Information Assurance Scholarship Program References: See Enclosure 1 1. PURPOSE. This Instruction: a. Implements
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 5400.11 October 29, 2014 DCMO SUBJECT: DoD Privacy Program References: See Enclosure 1 1. PURPOSE. This directive: a. Reissues DoD Directive (DoDD) 5400.11 (Reference
More informationDepartment of Defense INSTRUCTION. Public Key Infrastructure (PKI) and Public Key (PK) Enabling
Department of Defense INSTRUCTION NUMBER 8520.02 May 24, 2011 ASD(NII)/DoD CIO SUBJECT: Public Key Infrastructure (PKI) and Public Key (PK) Enabling References: See Enclosure 1 1. PURPOSE. This Instruction:
More informationDepartment of Defense Information Assurance Scholarship Program. Sponsored by the. DoD Chief Information Officer
Department of Defense Information Assurance Scholarship Program Sponsored by the DoD Chief Information Officer SOLICITATION FOR PROPOSALS From Universities Designated by the National Security Agency (NSA)
More informationInstructions for completing USFK Theater Specific Required Training
Welcome Welcome to the website designed to facilitate completion of mandatory training that arriving personnel and units assigned to, rotating to, or in temporary duty status to USFK must complete prior
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 3204.01 August 20, 2014 USD(AT&L) SUBJECT: DoD Policy for Oversight of Independent Research and Development (IR&D) References: See Enclosure 1 1. PURPOSE. This
More informationDepartment of Defense SHA-256 Migration Overview
Department of Defense SHA-256 Migration Overview 18 March 2011 Tim Fong DoD-CIO/ IIA Timothy.Fong@osd.mil General Observations This is Important INFOSEC: Algorithms can be compromised over time. Crypto
More informationort Office of the Inspector General Department of Defense YEAR 2000 COMPLIANCE OF THE STANDARD ARMY MAINTENANCE SYSTEM-REHOST Report Number 99-165
it ort YEAR 2000 COMPLIANCE OF THE STANDARD ARMY MAINTENANCE SYSTEM-REHOST Report Number 99-165 May 24, 1999 Office of the Inspector General Department of Defense Additional Copies To obtain additional
More informationRAPIDS Self Service User Guide
Page 1 RAPIDS Self Service User Guide https://www.dmdc.osd.mil/self_service Page 2 Introduction The RAPIDS Self Service (RSS) application provides sponsors with the capability to generate a DD Form 1172-2
More informationSubj: NAVY IMPLEMENTATION OF DEPARTMENT OF DEFENSE INTELLIGENCE INFORMATION SYSTEM (DODIIS) PUBLIC KEY INFRASTRUCTURE (PKI)
DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC 20350-2000 IN REPLY REFER TO OPNAVINST 5239.3A N2 OPNAV INSTRUCTION 5239.3A From: Chief of Naval Operations
More informationDepartment of Defense MANUAL
Department of Defense MANUAL NUMBER 3305.09 May 27, 2014 USD(I) SUBJECT: Cryptologic Accreditation and Certification References: See Enclosure 1 1. PURPOSE. This manual: a. Provides accreditation guidance
More informationDepartment of Defense INSTRUCTION. SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing
Department of Defense INSTRUCTION NUMBER 8560.01 October 9, 2007 ASD(NII)/DoD CIO SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing References: (a) DoD
More informationIT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO-6009-09 TABLE OF CONTENTS
OFFICE OF THE CHIEF INFORMATION OFFICER Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: Section I. PURPOSE II. AUTHORITY III. SCOPE IV. DEFINITIONS V. POLICY VI. RESPONSIBILITIES
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department
More information17 July 2015 TECHNICIAN POSITION VACANCY ANNOUNCEMENT #15-084. POSITION: IT Specialist (CUSTSPT) (D0269000) (GS-2210-07/09) EXCEPTED POSITION
DEPARTMENT OF DEFENSE, VETERANS AND EMERGENCY MANAGEMENT Military Bureau Joint Force Headquarters, Maine National Guard Camp Keyes, Augusta, Maine 04333-0033 17 July 2015 TECHNICIAN POSITION VACANCY ANNOUNCEMENT
More informationGAO PERSONAL ID VERIFICATION. Agencies Should Set a Higher Priority on Using the Capabilities of Standardized Identification Cards
GAO United States Government Accountability Office Report to Congressional Requesters September 2011 PERSONAL ID VERIFICATION Agencies Should Set a Higher Priority on Using the Capabilities of Standardized
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationGAO DEFENSE ACQUISITIONS. Knowledge of Software Suppliers Needed to Manage Risks. Report to Congressional Requesters
GAO United States General Accounting Office Report to Congressional Requesters May 2004 DEFENSE ACQUISITIONS Knowledge of Software Suppliers Needed to Manage Risks GAO-04-678 May 2004 DEFENSE ACQUISITIONS
More informationGAO ELECTRONIC GOVERNMENT ACT. Agencies Have Implemented Most Provisions, but Key Areas of Attention Remain
GAO United States Government Accountability Office Report to the Committee on Homeland Security and Governmental Affairs, U.S. Senate September 2012 ELECTRONIC GOVERNMENT ACT Agencies Have Implemented
More informationARMY COURSE CATALOG INTRODUCTION (SI)
ARMY COURSE CATALOG INTRODUCTION (SI) DA PAM 351-4 INTRODUCTION 1-1. Purpose: The Army Formal Schools Catalog is the official source of information on formal courses of instruction offered at active U.S.
More informationDepartment of Defense INSTRUCTION. SUBJECT: Information Assurance (IA) in the Defense Acquisition System
Department of Defense INSTRUCTION NUMBER 8580.1 July 9, 2004 SUBJECT: Information Assurance (IA) in the Defense Acquisition System ASD(NII) References: (a) Chapter 25 of title 40, United States Code (b)
More informationSECRETARY OF THE ARMY WASHINGTON
SECRETARY OF THE ARMY WASHINGTON 2 2 JUN 2016 MEMORANDUM FOR SEE DISTRIBUTION SUBJECT: Army Directive 2016-18 (Divesting Legacy Information Technology Hardware, Software, and Services in Support of the
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
More informationDoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process
Inspector General U.S. Department of Defense Report No. DODIG-2015-045 DECEMBER 4, 2014 DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process INTEGRITY EFFICIENCY ACCOUNTABILITY
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 5118.05 April 20, 2012 DA&M SUBJECT: Defense Finance and Accounting Service (DFAS) References: See Enclosure 1 1. PURPOSE. Pursuant to the authority vested in the
More informationDepartment of Defense MANUAL. Procedures for Ensuring the Accessibility of Electronic and Information Technology (E&IT) Procured by DoD Organizations
Department of Defense MANUAL NUMBER 8400.01-M June 3, 2011 ASD(NII)/DoD CIO SUBJECT: Procedures for Ensuring the Accessibility of Electronic and Information Technology (E&IT) Procured by DoD Organizations
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 4205.01 March 10, 2009 USD(AT&L) SUBJECT: DoD Small Business Programs References: See Enclosure 1 1. PURPOSE. This Directive: a. Reissues DoD Directive 4205.01 (Reference
More informationDepartment of Defense INSTRUCTION. Measurement and Signature Intelligence (MASINT)
Department of Defense INSTRUCTION NUMBER 5105.58 April 22, 2009 USD(I) SUBJECT: Measurement and Signature Intelligence (MASINT) References: See Enclosure 1 1. PURPOSE. This Instruction reissues DoD Instruction
More informationSTATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE
STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE HOUSE OVERSIGHT AND GOVERNMENT REFORM COMMITTEE S INFORMATION TECHNOLOGY SUBCOMMITTEE AND THE VETERANS
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 5505.13E March 1, 2010 ASD(NII)/DoD CIO SUBJECT: DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3) References: See Enclosure 1 1. PURPOSE. This Directive:
More informationCouncil of College and Military Education Webinar 17 August 2011
Council of College and Military Education Webinar 17 August 2011 Department of Defense Voluntary Education Partnership Memorandum of Understanding* Between DoD Office of the Under Secretary of Defense
More informationInformation Technology
September 11, 2002 Information Technology The Defense Advanced Research Projects Agency s Transition of Advanced Information Technology Programs (D-2002-146) Department of Defense Office of the Inspector
More informationHow To Audit The Mint'S Information Technology
Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit
More informationDepartment of Defense INSTRUCTION. SUBJECT: Fellowships, Scholarships, Training With Industry (TWI), and Grants for DoD Personnel
Department of Defense INSTRUCTION NUMBER 1322.06 November 15, 2007 USD(P&R) SUBJECT: Fellowships, Scholarships, Training With Industry (TWI), and Grants for DoD Personnel References: (a) DoD Directive
More informationE-LEARNING IN THE MILITARY: MEETING THE CHALLENGE
E-LEARNING IN THE MILITARY: MEETING THE CHALLENGE Wallace Wood, Bryant College, wwood@bryant.edu David Douglas, University of Arkansas at Fayetteville, douglas@walton.uark.edu Susan Haugen, University
More informationSECUREXAM REMOTE PROCTOR SYSTEM MEDIA KIT
A future of opportunities. SECUREXAM REMOTE PROCTOR SYSTEM MEDIA KIT OFFICE OF UNIVERSITY RELATIONS MEDIA INQUIRIES 334-670-3196 troy.edu urelations@troy.edu SECUREXAM REMOTE PROCTOR SYSTEM OVERVIEW With
More informationDepartment of Defense INSTRUCTION. Policy on Graduate Education for Military Officers
Department of Defense INSTRUCTION NUMBER 1322.10 April 29, 2008 USD(P&R) SUBJECT: Policy on Graduate Education for Military Officers References: (a) DoD Directive 1322.10, Policy on Graduate Education
More informationDEFENSE CONTRACT MANAGEMENT AGENCY PROCUREMENT, DEFENSE WIDE Fiscal Year (FY) 2002 Amended President's Budget
PROCUREMENT, DEFENSE WIDE Fiscal Year (FY) 2002 Amended President's Budget EXHIBIT TITLE PAGE Purpose and Scope/Justification of Funds 2 P-1 Summary 6 P-1C Comparison Report 7 PB-1 Summary of FY 2002-2003
More informationWestern Michigan University E-Learning Standards
Page 1 of 8 Western Michigan University E-Learning Standards Approved 10/25/2010 by the Western Michigan University Faculty Senate Committee on Extended University Programs Reviewed and Supported by the
More informationDBIDS/IACS PRIVACY IMPACT ASSESSMENT (PIA) 2. Name of IT System: Defense Biometric Identification System (DBIDS)
DBIDS/IACS PRIVACY IMPACT ASSESSMENT (PIA) (Use N/A where appropriate) 1. DoD Component: Defense Manpower Data Center (DMDC) 2. Name of IT System: Defense Biometric Identification System (DBIDS) 3. Budget
More informationReport No. D-2010-058 May 14, 2010. Selected Controls for Information Assurance at the Defense Threat Reduction Agency
Report No. D-2010-058 May 14, 2010 Selected Controls for Information Assurance at the Defense Threat Reduction Agency Additional Copies To obtain additional copies of this report, visit the Web site of
More informationDeputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security.
Deputy Chief Financial Officer Peggy Sherry And Chief Information Security Officer Robert West U.S. Department of Homeland Security Testimony Before the Subcommittee on Government Organization, Efficiency
More informationAudit of Case Activity Tracking System Security Report No. OIG-AMR-33-01-02
Audit of Case Activity Tracking System Security Report No. OIG-AMR-33-01-02 BACKGROUND OBJECTIVES, SCOPE, AND METHODOLOGY FINDINGS INFORMATION SECURITY PROGRAM AUDIT FOLLOW-UP CATS SECURITY PROGRAM PLANNING
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 5545.04 April 7, 2011 USD(P&R) SUBJECT: Policy on the Congressional Reporting Process for Military Educational Institutions Seeking to Establish, Modify, or Redesignate
More informationREMOTE ACCESS POLICY OCIO-6005-09 TABLE OF CONTENTS
OFFICE OF THE CHIEF INFORMATION OFFICER REMOTE ACCESS POLICY OCIO-6005-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section I. PURPOSE II. AUTHORITY III.
More informationU. S. Department of Justice Information Technology Strategic Plan. Appendix E. Public Key Infrastructure at the Department of Justice.
U. S. Department of Justice Information Technology Strategic Plan Public Key Infrastructure at the Department of Justice White Paper * Introduction As part of its strategic plan, the Department of Justice
More informationDEFENSE ACQUISITION WORKFORCE
United States Government Accountability Office Report to Congressional Committees December 2015 DEFENSE ACQUISITION WORKFORCE Actions Needed to Guide Planning Efforts and Improve Workforce Capability GAO-16-80
More informationDEPARTMENTAL REGULATION
U.S. DEPARTMENT OF AGRICULTURE WASHINGTON, D.C. 20250 DEPARTMENTAL REGULATION SUBJECT: Identity, Credential, and Access Management Number: 3640-001 DATE: December 9, 2011 OPI: Office of the Chief Information
More informationOffice of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,
More informationOffice of Information Technology Service Catalog FY2015
Office of Information Technology Service Catalog FY2015 Office of Information Technology Service Catalog FY2015 Table of Contents Accounts & Passwords... 3 Administrative... 4 Business Tools and Services...
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 1300.26 November 20, 2013 USD(C)/CFO SUBJECT: Operation of the DoD Financial Management Certification Program References: See Enclosure 1 1. PURPOSE. This instruction:
More informationNASA Information Technology Requirement
NASA Information Technology Requirement NITR-2800-2 Effective Date: September 18,2009 Expiration Date: September 18, 2013 Email Services and Email Forwarding Responsible Office: OCIO/ Chief Information
More informationDivision/Unit/Department: Information Technology Plan 2012-2017
Administrative Plan - 1 Division/Unit/Department: Information Plan 2012-2017 I. Introduction State your administrative department/unit/division mission statement. The Information Division's mission is
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 3305.09 June 13, 2013 USD(I) SUBJECT: DoD Cryptologic Training References: See Enclosure 1 1. PURPOSE. In accordance with the authority in DoD Directive 5143.01
More informationSUBJECT: systems. in DoD. capabilities. d. Aligns identity. (Reference (c)). (1) OSD, the Staff and
Department of Defense INSTRUCTION NUMBER 8520.03 May 13, 2011 ASD(NII)/DoDD CIO SUBJECT: Identity Authentication for Information Systems References: See Enclosure 1 1. PURPOSE. In accordance with the authority
More informationThe Cost and Economic Analysis Program
Army Regulation 11 18 Army Programs The Cost and Economic Analysis Program Headquarters Department of the Army Washington, DC 19 August 2014 UNCLASSIFIED SUMMARY of CHANGE AR 11 18 The Cost and Economic
More informationNetwork Systems Integration
Network Systems Integration Strong Networks for Mission-Critical Services Turnkey Solutions for Today s Large-Scale Networks Government and business enterprises turn to General Dynamics Information Technology
More informationOffice of Information Technology Service Catalog FY2015
Office of Information Technology Service Catalog FY2015 Office of Information Technology Service Catalog FY2015 Table of Contents Accounts & Passwords... 3 Administrative... 4 Business Tools and Services...
More informationU.S. Army Audit Agency Service Ethics Progress Foreign Language Program Training and Proficiency
U.S. Army Audit Agency Service Ethics Progress Foreign Language Program Training and Proficiency Offices of the Deputy Chief of Staff, G-2 and the Deputy Chief of Staff, G-1 Audit Report: A-2010-0141-ZBI
More informationFollowup Audit: Enterprise Blood Management System Not Ready for Full Deployment
Inspector General U.S. Department of Defense Report No. DODIG 2015 008 OCTOBER 23, 2014 Followup Audit: Enterprise Blood Management System Not Ready for Full Deployment INTEGRITY EFFICIENCY ACCOUNTABILITY
More informationEnabling the University CIO Strategic Plan 2013-2018. Vision for 2020. Mission
Enabling the University CIO Strategic Plan 2013-2018 NDU will create exceptional and innovative solutions and services that enable advanced joint education, leadership and scholarship (NDU Strategic Plan
More informationUNCLASSIFIED FY 2015. Prior Years FY 2013 FY 2014. Total Cost. COST ($ in Millions) The FY 2015 OCO Request will be submitted at a later date.
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Defense Security Cooperation Agency Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development
More informationGOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.
PERSONAL IDENTITY VERIFICATION (PIV) OVERVIEW INTRODUCTION (1) Welcome to the Homeland Security Presidential Directive 12 (HSPD-12) Personal Identity Verification (PIV) Overview module, designed to familiarize
More informationDoD Needs an Effective Process to Identify Cloud Computing Service Contracts
Inspector General U.S. Department of Defense Report No. DODIG-2016-038 DECEMBER 28, 2015 DoD Needs an Effective Process to Identify Cloud Computing Service Contracts INTEGRITY EFFICIENCY ACCOUNTABILITY
More informationArmy Training Help Desk. Fort Eustis, Virginia
Supporting Soldiers Army Training Help Desk Fort Eustis, Virginia 1 Help Desk Update 2 U. S. Training and Doctrine Command TRADOC Mission Recruits, trains and educates the Army's Soldiers; develop leaders;
More informationProposal to Deliver the BBA and the MBA Degree Programs at Off-Campus Site Fairburn Educational Complex Fairburn, Georgia
BOARD OF REGENTS OF THE UNIVERSITY SYSTEM OF GEORGIA Proposal to Deliver the BBA and the MBA Degree Programs at Off-Campus Site Fairburn Educational Complex Fairburn, Georgia If an institution seeks to
More information22 April 2014 TECHNICIAN POSITION VACANCY ANNOUNCEMENT #14-052. POSITION: Deputy Financial Manager (D1058000) (GS-0505-11/12) EXCEPTED POSITION
DEPARTMENT OF DEFENSE, VETERANS AND EMERGENCY MANAGEMENT Military Bureau Joint Force Headquarters, Maine National Guard Camp Keyes, Augusta, Maine 04333-0033 22 April 2014 TECHNICIAN POSITION VACANCY ANNOUNCEMENT
More informationPRIVACY IMPACT ASSESSMENT (PIA) For the
PRIVACY IMPACT ASSESSMENT (PIA) For the Healthcare Continuing Education and Training Enterprise Subscription Service (Swank Healthcare) US Army Medical Command - Defense Health Program (DHP) Funded Application
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION SUBJECT: National Defense Intelligence College University (NDIC NIU) NUMBER 3305.01 December 22, 2006 Incorporating Change 1, February 9, 2011 USD(I) References: (a) DoD
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationUnited States Government Accountability Office November 2010 GAO-11-148
GAO United States Government Accountability Office Report to November 2010 HEALTH INFORMATION TECHNOLOGY DOD Needs to Provide More Information on Risks to Improve Its Program Management GAO-11-148 November
More informationGAO INFORMATION SECURITY. Weak Controls Place Interior s Financial and Other Data at Risk. Report to the Secretary of the Interior
GAO United States General Accounting Office Report to the Secretary of the Interior July 2001 INFORMATION SECURITY Weak Controls Place Interior s Financial and Other Data at Risk GAO-01-615 United States
More informationPublic Law 113 283 113th Congress An Act
PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Improved Security Required for DHS Networks (Redacted) Notice: The Department of Homeland Security, Office of Inspector General, has redacted
More informationGAO MAJOR AUTOMATED INFORMATION SYSTEMS. Selected Defense Programs Need to Implement Key Acquisition Practices
GAO United States Government Accountability Office Report to Congressional Addressees March 2013 MAJOR AUTOMATED INFORMATION SYSTEMS Selected Defense Programs Need to Implement Key Acquisition Practices
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 5205.16 September 30, 2014 USD(I) SUBJECT: The DoD Insider Threat Program References: See Enclosure 1 1. PURPOSE. In accordance with sections 113 and 131 through
More informationDepartment of Defense DIRECTIVE. SUBJECT: Management of the Department of Defense Information Enterprise
Department of Defense DIRECTIVE SUBJECT: Management of the Department of Defense Information Enterprise References: See Enclosure 1 NUMBER 8000.01 February 10, 2009 ASD(NII)/DoD CIO 1. PURPOSE. This Directive:
More informationPRIME IDENTITY MANAGEMENT CORE
PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It
More informationThe Army Learning Management System Product Lead, Distributed Learning System
The Army Learning Management System Product Lead, Distributed Learning System 1. General. The Army Learning Management System (ALMS) is the third component of the Army s evolutionary acquisition strategy
More informationAccess Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL
AU7087_C013.fm Page 173 Friday, April 28, 2006 9:45 AM 13 Access Control The Access Control clause is the second largest clause, containing 25 controls and 7 control objectives. This clause contains critical
More informationDefense Security Service
Defense Security Service Electronic Fingerprint Capture Options for Industry Version 2.0 January 2013 Issuing Office: Defense Security Service Russell Knox Building 27130 Telegraph Rd Quantico VA 22134
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 5015.02 February 24, 2015 DoD CIO SUBJECT: DoD Records Management Program References: See Enclosure 1 1. PURPOSE. This instruction reissues DoD Directive (DoDD)
More informationMulti-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationOffice of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 8140.01 August 11, 2015 DoD CIO SUBJECT: Cyberspace Workforce Management References: See Enclosure 1 1. PURPOSE. This directive: a. Reissues and renumbers DoD Directive
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 8910.01 May 19, 2014 DoD CIO SUBJECT: Information Collection and Reporting References: See Enclosure 1 1. PURPOSE. This instruction: a. Reissues DoD Instruction
More informationReport No. D-2008-047 February 5, 2008. Contingency Planning for DoD Mission-Critical Information Systems
Report No. D-2008-047 February 5, 2008 Contingency Planning for DoD Mission-Critical Information Systems Additional Copies To obtain additional copies of this report, visit the Web site of the Department
More information