PLATFORM INFORMATION TECHNOLOGY DEFINITIONS FOR THE DEPARTMENT OF THE NAVY

Similar documents
Department of Defense INSTRUCTION. SUBJECT: Information Assurance (IA) in the Defense Acquisition System

AF Life Cycle Management Center

4. Objective. To provide guidelines for IS requirements and LCM support under NMCI.

Information Assurance Manual

Directives and Instructions Regarding Wireless LAN in Department of Defense (DoD) and other Federal Facilities

Department of Defense DIRECTIVE. SUBJECT: Management of the Department of Defense Information Enterprise

DEPARTMENT OF THE NAVY DOD INFORMATION ASSURANCE CERTIFICATION AND ACCREDITATION PROCESS (DIACAP) HANDBOOK. Version 1.0

Interim Department of Defense (DoD) Certification and Accreditation (C&A) Process Guidance

FAST FILE TRANSFER INFORMATION ASSURANCE ASSESSMENT REPORT

Directives and Instructions Regarding Security and Installation of Wireless LAN in DoD Federal Facilities

Ports, Protocols, and Services Management (PPSM)

U.S. FLEET CYBER COMMAND U.S. TENTH FLEET DoD RMF Transition

Department of Defense INSTRUCTION

PLATFORM IT GUIDANCE

DEPARTMENT OF THE NAVY RECORDS MANAGEMENT PROGRAM

Security Certification & Accreditation of Federal Information Systems A Tutorial

Standards for Security Categorization of Federal Information and Information Systems

Department of Defense. SUBJECT: Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)

Subj: DEPARTMENT OF THE NAVY CYBERSECURITY/INFORMATION ASSURANCE WORKFORCE MANAGEMENT, OVERSIGHT, AND COMPLIANCE

System Security Engineering

DIACAP Presentation. Presented by: Dennis Bailey. Date: July, 2007

Department of Defense

NAVY RECORDS MANAGEMENT PROGRAM COMMAND PROGRAM GUIDE

Department of Defense INSTRUCTION

OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

Subj: NAVY IMPLEMENTATION OF DEPARTMENT OF DEFENSE INTELLIGENCE INFORMATION SYSTEM (DODIIS) PUBLIC KEY INFRASTRUCTURE (PKI)

Applying the DOD Information Assurance C&A Process (DIACAP) Overview

TITLE III INFORMATION SECURITY

Department of Defense INSTRUCTION

SUBJECT: systems. in DoD. capabilities. d. Aligns identity. (Reference (c)). (1) OSD, the Staff and

Subj: DEPARTMENT OF THE NAVY INFORMATION ASSURANCE POLICY

Department of Defense INSTRUCTION. SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing

Department of Defense INSTRUCTION

Legislative Language

Department of Defense MANUAL

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

Marine Corps. Commercial Mobile Device Strategy

Safety and Airworthiness Cases for Unmanned System Control Segments. George Romanski, Joe Wlad S5 Symposium, Dayton, OH June 12-14, 2012

Enterprise Services to the Edge

1. Has your command deployed an Enterprise Content Management (ECM) application? Yes, but we do not have TRIM deployed in ECM mode.

RMF. Cybersecurity and the Risk Management. Framework UNCLASSIFIED

Public Law th Congress An Act

DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process

Minimum Security Requirements for Federal Information and Information Systems

Department of Defense INSTRUCTION

CNATRAINST N6 6 Oct Subj: CHIEF OF NAVAL AIR TRAINING COMMAND CYBERSECURITY PROGRAM

The Challenge. Shipboard crew members need training because cadres are not expected to provide a long-term ConOps for UUV employment.

DEPARTMENT OF THE NAVY. OFFICE OF THE SECRETARY JAN 3a NAVY PENTAGON WASHINGTON, D.C

Security in Space: Intelsat Information Assurance

SPAWAR HQ ARCHITECTURE AND HUMAN SYSTEMS GROUP Human-Systems Integration/Systems Engineering Support Performance Work Statement

Security Requirements

DISA Testing Services for the Enterprise. Luanne Overstreet

DEFENSE INFORMATION SYSTEMS AGENCY P. O. BOX 549 FORT MEADE, MARYLAND

Department of Defense INSTRUCTION. SUBJECT: Defense Research, Development, Test and Evaluation (RDT&E) Information Exchange Program (IEP)

GAO DEFENSE DEPARTMENT CYBER EFFORTS. More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

SECNAVINST A ASN(M&RA) 01 Dec Subj: DEPARTMENT OF THE NAVY VOLUNTARY EDUCATION (VOLED) PROGRAM

Department of Defense INSTRUCTION. Public Key Infrastructure (PKI) and Public Key (PK) Enabling

Guideline for Identifying an Information System as a National Security System

Department of Defense INSTRUCTION

OPNAVINST F N96 8 FEB Subj: SURFACE SHIP SURVIVABILITY TRAINING REQUIREMENTS

RECORDS MANAGEMENT VITAL RECORDS MANAGEMENT

National Information Assurance Certification and Accreditation Process (NIACAP)

Estimating Cloud Computing Costs: Practical Questions for Programs

NIST A: Guide for Assessing the Security Controls in Federal Information Systems. Samuel R. Ashmore Margarita Castillo Barry Gavrich

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

CYBER SECURITY WORKFORCE

UNCLASSIFIED NATIONAL POLICY ON CERTIFICATION AND ACCREDITATION OF NATIONAL SECURITY SYSTEMS UNCLASSIFIED. CNSS Policy No.

Information Blue Valley Schools FEBRUARY 2015

Subj: CYBERSPACE/INFORMATION TECHNOLOGY WORKFORCE CONTINUOUS LEARNING

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY. NOTICE: This publication is available digitally on the AFDPO WWW site at:

D E PAR TME NT OF THE NAVY OFFICE OF THE SECR ET A R Y 1000 N A VY PENT A G ON W A SHI N G T ON D C

OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC

Space and Naval Warfare Systems Center Atlantic

OPNAVINST A N4 5 Jun Subj: OPERATING MATERIALS AND SUPPLIES AND GOVERNMENT FURNISHED MATERIAL MANAGEMENT

PRIVACY IMPACT ASSESSMENT (PIA) For the

Jeff Shockley Roche Diagnostics

SECRETARY OF THE NAVY SAFETY EXCELLENCE AWARDS

PRIVACY IMPACT ASSESSMENT (PIA) For the

How To Manage The Navy Marine Corps Intranet

MCO LR 15 May 2009

Data at Rest Security in Navy/NMCI. Steven Gillis ONR Information Assurance Manager 10 January 2008

Department of Defense INSTRUCTION. Security of Unclassified DoD Information on Non-DoD Information Systems

Cybersecurity Throughout DoD Acquisition

Security Model and Enforcement for Data-Centric Pub/Sub with High Information Assurance Requirements

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE

PRIVACY IMPACT ASSESSMENT (PIA) For the

Transcription:

PLATFORM INFORMATION TECHNOLOGY DEFINITIONS FOR THE DEPARTMENT OF THE NAVY 27 Nov 07 I. PURPOSE This document defines Platform Information Technology (IT) for IT networks, systems and IT components within the Department of the Navy (DON). It is based primarily on Department of Defense (DoD) Instruction 8500.1 and Secretary of the Navy (SECNAV) Instruction SECNAVINST 5239.3A. Definitions, concepts and interpretation are derived from these sources. II. DEFINITION OF TERMS This section lists terms and definitions that pertain to Platform IT. GENERAL PURPOSE A system used for routine administrative and business applications, including payroll, finance, logistics, and personnel management applications. General purpose systems are normally not built for a unique application, and do not fall outside the definition of special purpose systems as defined by DoD 8500 series guidance. GLOBAL INFORMATION GRID (GIG) The globally interconnected, end-to-end set of information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information on demand to war fighters, policy makers, and support personnel. Includes but is not limited to NIPR, SIPR, JWICS, and NMCI. (Ref: DoDD 8100.1, 19 Sep 2002) PLATFORM A vehicle, structure or person that performs a mission in support of US National Security policy; and aboard or in which a DoD national security system may be installed to support assigned missions. Generally, the term platform includes, but is not limited to, Aircraft, Ship, Submarine, Shore Facility (such as NOC, JIC, Command Center, Hospital, Base Power Plants), Ground Vehicle (such as HMMWVs, Tanks, Strykers), Remotely Operated Vehicle (such as UAV, USV, UUV), and a Sailor or Marine in the field. PLATFORM IT Derived from DoDD 8500.1, Paragraph E2.1.16.4, Platform IT: 1. REFERS TO computer resources, both hardware and software, that are physically part of, dedicated to, or essential in real time to the mission performance of special-purpose systems. PIT does not include general purpose systems. - 1 -

2. MAY: a. Reside aboard or on a platform b. Be stand-alone c. Have an interconnection to other Platform IT (known as a Platform IT-to-Platform IT Interconnection ) d. Have a Platform IT Interconnection (see DoDI 8500.1) to other IT that is not Platform IT (e.g., a general-use ship s network, such as ISNS, or a non-platform IT system) BOUNDARY The physical and/or logical limit of a platform or the physical and/or logical limit of the information system as determined by the system description. CONNECTION The physical or logical interface that allows data to flow between components in a system, between systems within a system-of-systems, or between information systems installed onboard different platforms. 1. Platform IT Interconnection (): a. A physical or logical connection at or crossing the boundary between a Platform IT system and a non-platform IT system 2. Platform IT to Platform IT Interconnection (PTPI): a. A physical or logical connection at or crossing the boundary between a Platform IT system and another Platform IT system - 2 -

Aegis ISNS GCCS-M NAVSSI Other SATCOM ADNS SATCOM FLEET NOC SYSTEMS DISN Circuit Connection Requirements (per DISA) [] NIPRNET SIPRNET JWICS Figure 1 Notional Platform IT Interconnection (Fleet) Figure 1 shows a notional diagram of interconnection involving Platform IT (blue), Platform IT Interconnection (yellow), non-platform (green) and the GiG (gold). - 3 -

REAL-TIME Systems in which the correctness of the system depends not only on the logical result of computations, but also on the time at which the results are produced or the sense of urgency of the systems information processing and the information processed by the system to completion of the platform s mission. SPECIAL-PURPOSE SYSTEM Derived from DoDD 8500.1, Paragraph E2.1.16.4. System or platform that employs computing resources (i.e., hardware, firmware, and optionally software) that are physically embedded in, dedicated to, or necessary in real time for the performance of the system s mission. Examples of special purpose systems include weapons systems, training simulators, diagnostic test and maintenance equipment, calibration equipment, equipment used in the research and development of weapons systems, medical technologies, transport vehicles, buildings, and utility distribution systems, such as water and electric. III. BACKGROUND IA policy applies generally to all IT systems PROGRAM MANAGERS (PM) are responsible for ensuring sufficient IA is incorporated into their systems whether or not the C&A process is required. Even under a designation of Platform IT, Program Managers must implement the maximum amount of IA consistent with the specialpurpose mission performed by the Platform IT. Per SECNAVINST 5239.3A and Defense Acquisition Policy (the DoD 5000 series, DoN 5000.2, and DoDI 8580.1), IA is applicable to all DoN-owned or -controlled information systems that receive, process, store, display or transmit DoD information, regardless of Mission Assurance Category (MAC), classification or sensitivity. Both SECNAV and Defense Acquisition Policy are satisfied by employing the tenets of defensein-depth for layering IA solutions within a given IT asset and among assets; and ensuring appropriate robustness of the solution, as determined by the relative strength of the mechanism and the confidence that it is implemented and will perform as intended. The IA solutions that provide availability, integrity, and confidentiality also provide authentication and non-repudiation. The goal of IA for DoD/DoN IT systems, as stated in DoD 8500.1, paragraph 4.2, is: All DoD information systems shall maintain an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability that reflect a balance among the importance and sensitivity of the information and information assets; documented threats and vulnerabilities; the trustworthiness of users and interconnecting systems; the impact of impairment or destruction to the DoD information system; and cost effectiveness. - 4 -

The IA Controls provided in DoD 8500.2 apply to the definition, configuration, operation, interconnection, and disposal of DoD information systems. They form a management framework for the Clarification of Platform IT for Navy Information Systems allocation, monitoring, and regulation of IA resources that is consistent with Federal guidance provided in OMB Circular A-130. The C&A process applies generally to all IT systems, except Platform IT Per DoDD 8500.1, the C&A process (DITSCAP or DIACAP) is applicable to all DoN-owned or controlled information systems that receive, process, store, display or transmit DoD information, regardless of MAC, classification or sensitivity, except, per DoDD 8500.1 Paragraph 2.3, IT that is considered Platform IT. Figure 2 shows applicability of the C&A process and IA policy to a situation involving both Platform IT and a Platform IT Interconnection. Platform IT Platform IT Interconnection GiG or non-platform IT Subject to IA policy Not subject to the C&A Subject to both IA policy and the C&A process Figure 2 Platform IT As illustrated in Figure 2, generally all IT is subject to IA policy and the C&A process, but Platform IT is excluded from the C&A process. The Platform IT Interconnection is specifically subject to the C&A process, per DoDD 8500.1. Special Note about Stand Alone Systems Per DoDD 8500.1, a stand-alone system (e.g., does not have one or more network connections) is subject to the C&A process unless it meets the definition of Platform IT. An IT system or IT component cannot be classified as Platform IT simply because it is stand-alone. - 5 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information