gig-build-op by VegasStreetProphet


									                                                                                                                                                             CIIA GOAL 1: ORGANIZE
                                                                                                                                                                                                                                                                                                                                                                  Identity & Information Assurance
                                                                                                                                                                 1.1 Lead and Govern
                                                                                                                                                                                                                                           CNSSP-24                               DoDD 8000.01
                                                                                                                                                                                                                                                                                                                                                                    Related Policies and Issuances
                                                                                              25 Point Implementation Plan to            Quadrennial Defense Review (QDR)                                                                                                                                                       DoDD 8500.01E
  U.S. International Strategy for Cyberspace            Cyberspace Policy Review
                                                                                                  Reform Federal IT Mgt.                              Report                      National Defense Strategy (NDS)             Policy on Assured Info Sharing (AIS)
                                                                                                                                                                                                                              for National Security Systems(NSS)
                                                                                                                                                                                                                                                                          Management of the DOD Information
                                                                                                                                                                                                                                                                                                                           Information Assurance (IA)                  Developed by the DoD CIO, IIA Deputate
                                                                                                                                                                                                                                                                                                                                                                                         Last Updated: October 18, 2011
               DoDI 8500.2                             DoD Strategy for Operating in         DoD Cyber, Identity & Information                      DTM-01-001
                                                                                                                                                 DoD GIG Computing
                                                                                                                                                                                  Guidance for Development of the             National Military Strategic Plan for the
                                                                                                                                                                                                                                                                            National Military Strategy (NMS)
                                                                                                                                                                                                                                                                                                                       National Military Strategy for                       Send questions/suggestions to
  Information Assurance Implementation                         Cyberspace                       Assurance Strategic Plan                                                            Force (GDF) for 2010-2015                           War on Terrorism                                                             Cyberspace Operations (NMS-CO)

                      CIIA GOAL 1: ORGANIZE                                                                       CIIA GOAL 2: ENABLE                                                                 CIIA GOAL 3: ANTICIPATE                                                                     CIIA GOAL 4: PREPARE                                                                       AUTHORITIES
                       1.2 Design for the Fight                                                                 2.1 Secure Data in Transit                                                        3.1 Understand the Battlespace                                                           4.1 Develop and Maintain Trust…                                                    Title 10                                   Title 14
                                                                                                                                                                                                                                                                                                                                                                           Armed Forces                     Cooperation With Other Agencies
                                                            SP 800-119                                                                                                                                                                                                                                                                                           (§§2224, 3013(b), 5013(b), 8013(b))       (Ch. 7:§§ 141,144,145,148,149,150)
   Common Criteria Evaluation and                                                                       FIPS 140-2                                   CNSSP-1                                    FIPS 199                                     SP 800-59
                                               Guidelines for the Secure Deployment              Security Requirements for             National Policy for Safeguarding and       Standards for Security Categorization       Guideline for Identifying an Information                   CNSSP-12                                     CNSSP-21
    Validation Scheme (CCEVS)                                  of IPv6                                                                                                                                                                                                                                                                                                          Title 32                                  Title 40
                                                                                                  Cryptographic Modules                    Control of COMSEC Material              of Federal Info. and Info. Systems                    System as a NSS                    National IA Policy for Space Systems           National IA Policy on Enterprise
                                                                                                                                                                                                                                                                                                                                Architectures for NSS                       National Guard                 Public Buildings, Property, and Works
                                                                                                                                                                                                                                                                                   Used to Support NSS                                                                          (§102)                      (Ch. 113: §§11302, 11315, 11331)
             NSTISSP-11                                     DFARS                             NCSC-5, Nat’l Policy on Use of                      CNSSP-15                                   SP 800-60 R1                                  SP 800-92
   National Information Assurance              Subpart 208.74, Enterprise Software         Cryptomaterial by Activities Operating       Use of Pub Standards for Secure           Guide for Mapping Types of Info and            Guide to Computer Security Log                      NSTISSD-600
         Acquisition Policy                               Agreements                                                                                                                                                                                                                                                              NSTISSI-7002                      Federal Information Security                         Title 50
                                                                                                in High Risk Environments                 Sharing of Info Among NSS               Info Systems to Security Categories                     Management                        Communications Security (COMSEC)                    TEMPEST Glossary                 Management Act, 44 U.S.C. §3541 et              War and National Defense
                                                                                                                                                                                                                                                                                       Monitoring                                                                               seq                                   (§§401, 1801)
            DoDD 4630.05                                   DoDD 8115.01                                  CNSSP-17                                   CNSSP-19
Interoperability and Supportability of IT                                                                                                                                                      NISTIR 7693                              DoDI S-5240.23
                                                      IT Portfolio Management              National Information Assurance Policy       National Policy Governing the Use of                                                    Counterintelligence (CI) Activities in                                                           DoDD 3020.40
 and National Security Systems (NSS)                                                                                                                                             Specification for Asset Identification 1.1                                                            DoDD 3100.10                    DoD Policy and Responsibilities for                                                                 UCP
                                                                                                 on Wireless Capabilities                        HAIPE Products                                                                           Cyberspace                                                                                                                                                            Unified Command Plan
                                                                                                                                                                                                                                                                                        Space Policy                        Critical Infrastructure              Clinger-Cohen Act, Pub. L. 104-106
            DoDI 8115.02                                  DoDI 8510.01                                                                            NSTISSP-101                                                                                                                                                                                                                                              (US Constitution Art II, Title 10 & 50)
       IT Portfolio Management                 DoD IA Certification and Accreditation        National Policy for PKI in National        National Policy on Securing Voice                                                                                                               DoDD 5144.1                                DoDI 8581.01
           Implementation                              Process (DIACAP)                              Security Systems                           Communications                                                                                                                ASD for Networks and Information        IA Policy for Space Systems Used by
                                                                                                                                                                                            3.2 Prevent and Delay Attackers…                                                        Integration/DoD CIO                              the DoD                                           NATIONAL / FEDERAL
                                                           DoDI 8580.1                                NACSI-2005                                  NSTISSI-4006
     DIACAP Knowledge Service                    Information Assurance (IA) in the          Communications Security (COMSEC)           Controlling Authorities for COMSEC                and 3.3 Prevent Attackers from Staying…                                                      DTM-09-016
                                                    Defense Acquisition System                   End Item Modification                               Material                                                                                                                 SCRM to Improve the Integrity of                                                                                                     Federal Wiretap Act
                                                                                                                                                                                                                                                                                                                                                                   Computer Fraud and Abuse Act
                                                                                                                                                                                                                                                                             Components Used in DoD Systems                                                              Title 18 (§1030)                         Title 18 (§2510 et seq.)
            DNI CIO Memo                                  DoDD 5000.01                                  CNSSI-5000                               CNSSI-5001                                    FIPS 200                                    SP 800-37 R1
Intelligence Community (IC) Enterprise            The Defense Acquisition System             Guidelines for Voice Over Internet        Type-Acceptance Program for VoIP           Minimum Security Requirements for               Guide for Applying the Risk Mgt
           Software Licensing                                                               Protocol (VoIP) Computer Telephony                   Telephones                          Federal Information Systems                 Framework to Fed. Info. Systems                                                                                                                                            Pen Registers and Trap and Trace
                                                                                                                                                                                                                                                                                            4.2 Strengthen Cyber Readiness                                           Stored Communications Act
                                                                                                                                                                                                                                                                                                                                                                       Title 18 (§2701 et seq.)                          Devices
            DoDI 5000.02                                   DoDI 7000.14                    NACSI-6001, Foreign Military Sales of                    NACSI-6002                                                                                                                                                                                                                                                   Title 18 (§3121 et seq.)
 Operation of the Defense Acquisition            Financial Management Policy and                                                                                                            SP 800-53 R3                                 SP 800-53A R1
                                                                                            COMSEC Articles and Services to           Nat’l COMSEC Instruction Protection of      Recommended Security Controls for
                System                                  Procedures (PPBE)                     Foreign Gov’ts and Int’l Orgs                 Gov’t Contractor Telecomm’s                                                          Guide for Assessing the Security                       SP 800-18 R1                                                                                                                Executive Order 13231
                                                                                                                                                                                     Federal Information Systems                  Controls in Fed. Info. Systems             Guide for Developing Security Plans                   SP 800-126 R2                 Foreign Intelligence Surveillance Act
                                                                                                                                                                                                                                                                                                                                   SCAP Ver. 1.2                       Title 50 (§1801 et seq)             Critical Infrastructure Protection in the
                                                    ASD(NII)/DoD CIO Memo                                                                        DoDD 8100.02                                                                                                                 for Federal Information Systems                                                                                                           Information Age
            DoDD 7045.20                          DoD Support for the SmartBUY                          NSTISSI-7003                                                                            SP 800-128
   Capability Portfolio Management                                                                                                    Use of Commercial Wireless Devices,               Guide for Security-Focused                     DoDD O-8530.1
                                                            Initiative                      Protective Distribution Systems (PDS)      Services, and Tech in the DoD GIG                                                                                                                                                                                                                                          Executive Order 13587
                                                                                                                                                                                                                                Computer Network Defense (CND)                          SP 800-30                                  SP 800-39                             Executive Order 13526
                                                                                                                                                                                     Configuration Mgt of Info Systems                                                                                                                                                                                        Structural Reforms To Improve
                                                                                                                                                                                                                                                                               Risk Management Guide for IT            Managing Information Security Risk       Classified National Security Information
     DoD CIO G&PM 12-8430                              DODAF(Version 2.0)                               DoDI 4650.01                                                                                                                                                                    Systems                                                                                                                       Classified Nets
                                                                                           Policy and Procedures for Mgt and Use                DoDI 8100.04                                 DoDI O-8530.2                                 DoDI 8551.1
   Acquiring Commercial Software                    DoD Architecture Framework
                                                                                              of the Electromagnetic Spectrum             DoD Unified Capabilities (UC)          Support to Computer Network Defense              Ports, Protocols, and Services                                                                                                   NSD 42, National Policy for the
                                                                                                                                                                                                (CND)                                 Management (PPSM)                                 SP 800-137                               DoDD O-5100.30                                                                   NSPD 54 / HSPD 23
                                                         CJCSI 6212.01E                                                                                                                                                                                                                                                     Department of Defense (DoD)         Security of Nat’l Security Telecom and
           CJCSI 3170.01G                                                                                                                                                                                                                                                          Continuous Monitoring                                                                 Information Systems                 Computer Security and Monitoring
   Joint Capabilities Integration and          Interoperability and Supportability of IT             DoDI 8420.01                              DoDI 8523.01                                                                                                                                                                  Command and Control (C2)
                                                                                           Commercial WLAN Devices, Systems,                                                                DoDI 8552.01                               DoD O-8530.1-M
    Development System (JCIDS)                     and National Security Systems                                                      Communications Security (COMSEC)            Use of Mobile Code Technologies in          CND Service Provider Certification and
                                                                                                   and Technologies                                                                                                                                                                 DoDD S-5100.44                             DoDI 8560.01                          Presidential Memo, “Classified          A-130, Management of Fed Info
                                                                                                                                                                                      DoD Information Systems                       Accreditation Program                                                                                                       Information and Controlled Unclassified     Resources, Appendix III, Security of
                                                                                                                                                                                                                                                                             Defense and National Leadership          COMSEC Monitoring and Information
         Joint Publication 6-0                  Alignment Framework for the GIG IA                    DoDI S-5200.16                                                                                                                                                                                                                                                    Information,” 27 May 09                 Fed Automated Info Sys
                                                                                                                                               DoDD 8521.01E                                                                        ASD(NII)/DoD CIO Memo                    Command Capability (DNLCC) (U)             Assurance Readiness Testing
    Joint Communications System                    Architecture (AFG) version 1.1          Objectives and Min Stds for COMSEC                                                                 DTM-08-060
                                                                                                                                        Department of Defense Biometrics           Policy on Use of DoD Info Sys – Std
                                                                                              Measures used in NC2 Comms                                                                                                        Federal Desktop Core Configuration
                                                                                                                                                                                  Consent Banner and User Agreement                                                                                                                                                             FAR                                  Ethics Regulations
                                                          IATF Version 3.1                                                                                                                                                                   (FDCC)                                                                                                                 Federal Acquisition Regulation
 IA Component of the GIG Integrated                                                                                                           CJCSI 6510.06A
        Architecture, v1.1
                                                  Information Assurance Technical                    CJCSI 6510.02C
                                                                                                                                      Communications Security Releases to                                                           ASD(NII)/DoD CIO Memo
                                                                                                                                                                                                                                                                                                     4.3 Sustain Missions
                                                             Framework                       Cryptographic Modernization Plan                                                           ASD(C3I) Policy Memo
                                                                                                                                              Foreign Nations                                                                     DoD Guidance on Protecting                                                                                                                                                    National Strategy to Secure
                                                                                                                                                                                  Guidance for CND Response Actions                                                                                                                                                   National Security Strategy
                                                                                                                                                                                                                              Personally Identifiable Information (PII)                   CNSSP-6                                     CNSSP-18                                                                         Cyberspace
                    1.3 Develop the Workforce                                                                        2.2 Manage Access                                            ASD(NII)/DoD CIO Memo, Encryption                 ASD(NII)/DoD CIO Memo                    National Policy for C&A of National             National Policy on Classified
                                                                                                                                                                                                                                                                                                                                 Information Spillage
                                                                                                                                                                                                                               Protection of Sensitive DoD Data at           Security Telecom and Info Systems                                                                                                          CNSSD-502
                                                                                                                                                                                    of Unclass DAR on Mobile Comp
                                                                                                                                                                                    Devices and Removable Storage              Rest on Portable Computing Devices                                                                                                NIST Special Publication 800 Series          National Directive On Security of
                                                          NSTISSD-501                                     HSPD-12                                   M-05-24                                                                                                                              CNSSP-22                                    CNSSP-300                                                                  National Security Systems
             CNSSD-500                                                                      Policy for a Common ID Standard for                                                                                                                                                                                              National Policy on Control of
Information Assurance (IA) Education,              National Training Program for                                                            Implementation of HSPD-12                      CJCSI 6510.01F                              CJCSM 6510.01A                           IA Risk Management Policy for
                                                     INFOSEC Professionals                  Federal Employees and Contractors                                                                                                                                                     National Security Systems                  Compromising Emanations            CNSSD-900, Governing Procedures of                       CNSSD-901
      Training, and Awareness                                                                                                                                                       Information Assurance (IA) and               Information Assurance (IA) and
                                                                                                                                                                                                                                                                                                                                                                 the Committee on National Security        Nat’l Security Telecomm’s and Info Sys
                                                                                                        FIPS 201-1                                   CNSSP-3                       Computer Network Defense (CND)               Computer Network Defense (CND)                           CNSSI-1001                     CNSSI-4004, Destruction and                                                          Security (CNSS) Issuance System
         NSTISSI-4000                                     NSTISSI-4011                                                                 National Policy for Granting Access to                                                                                                                                                                                                Systems
                                                                                            Personal Identity Verification (PIV) of                                                                                                                                            National Instruction on Classified     Emergency Protection Procedures for
  COMSEC Equipment Maintenance                     National Training Standard for           Federal Employees and Contractors          Classified Cryptographic Information
    and Maintenance Training                         INFOSEC Professionals                                                                                                                                                                                                           Information Spillage               COMSEC and Class. Material                          NSTISSI-4002                                CNSSI-4009
                                                                                                                                                                                                                                                                                                                                                                  Classification Guide for COMSEC             National Information Assurance
                                                                                           CNSSP-10, Nat’l Policy Governing Use                      CNSSP-16                                                                                                                                                                                                                                                             Glossary
             CNSSI-4012                                     CNSSI-4013                                                                  National Policy for the Destruction of                                                                                                       CNSSI-7000                                  NSTISSI-7001                                 Information
                                                                                           of Approved Security Containers in Info                                                                                                                                             TEMPEST Countermeasures for
   National IA Training Standard for             National IA Training Standard For                   Sys Security Apps                       COMSEC Paper Material                                                                                                                                                          NONSTOP Countermeasures
     Senior Systems Managers                       System Administrators (SA)                                                                                                                                                                                                          Facilities
                                                                                                      NSTISSI-3028                                                                                        ABOUT THIS CHART
             CNSSI-4014                                    NSTISSI-4015                     Operational Security Doctrine for the
                                                                                                                                           Controlled Cryptographic Items           This chart organizes information assurance policies and
                                                                                                                                                                                                                                                                                      DoDD 3020.26
                                                                                                                                                                                                                                                                              Department of Defense Continuity
                                                                                                                                                                                                                                                                                                                                   DoDD 3020.44                                                 Operational
  National IA Training Standard For            National Training Standard for System         FORTEZZA User PCMCIA Card                                                                                                                                                                                                       Defense Crisis Management
Information Systems Security Officers                         Certifiers                                                                                                            guidance by CIIA Strategic Goal and Office of Primary                                               Programs
                                                                                                       NSTISSI-4003                               NSTISSI-4005                      Responsibility (see Color Key). It is intended to show all IA or                                                                                                                        SD 527-01                                    SI 504-04
             CNSSI-4016                                    DoDD 8570.01                      Reporting and Evaluating COMSEC           Safeguarding COMSEC Facilities and                                                                                                                                                         DoDI 8410.02
                                                                                                                                                                                                                                                                                       DoDD C-5200.19                                                              DoD INFOCON System Procedures                     Readiness Reporting
National IA Training Standard For Risk              IA Training, Certification, and                      Incidents                                  Materials                       IA-related policies a Component may need to comply with and                              Control of Compromising Emanations
                                                                                                                                                                                                                                                                                                                      NetOps for the Global Information Grid
                Analysts                               Workforce Management                                                                                                                                                                                                                                                           (GIG)
                                                                                                                                                 DoDD 1000.25
                                                                                                                                                                                    direct users to the full text.                                                                                                                                                           SI 507-01
                                                                                                       NSTISSI-4010                                                                                                                                                                                                                                                                                                       SI 701-01
            DoD 8570.01-M                                  DTM-09-026
                                                                                                Keying Material Management
                                                                                                                                         DoD Personnel Identity Protection          This chart attempts to link to the most authoritative source for                           Defense Acquisition Guidebook
                                                                                                                                                                                                                                                                                                                      NSA IA Directorate (IAD) Management         NetOps Community of Interest (NCOI)
                                                                                                                                                                                                                                                                                                                                                                                                                       NetOps Reporting
   Information Assurance Workforce                Responsible and Effective Use of                                                               (PIP) Program                                                                                                                                                                  Directive MD-10                               Charter
         Improvement Program
                                                                                                                                                                                    each document. We check the integrity of the links on a regular                           Section 7.5 Information Assurance          Cryptographic Key Protection
                                                    Internet-based Capabilities
                                                                                                       DoDI 8520.02                                DoDI 8520.03                     basis, but have no control over the sites linked to, so you may
                                                                                             Public Key Infrastructure (PKI) and       Identity Authentication for Information                                                                                                                                                                                      STRATCOM CONPLAN 8039-08                        STRATCOM OPLANs
                                                                                                 Public Key (PK) Enabling
                                                                                                                                                                                    occasionally experience an error message due to problems at
                       1.4 Partner for Strength                                                                                                                                     the source site or the site's decision to move the document.                                                            Color Key - OPRs
                                                                                                                                           DoD Strategic Plan for Identity          Please let us know if you believe the link is no longer valid.                                   ASD(NII)/ASD(C3I)              NIST                       USD(I)                 Computer Network Directives
                                                                                               Next Gen CAC Implementation                        Management                                                                                                                                                                                                          (CTO, FRAGO, WARNORD)
               CNSSP-14                                      NSTISSI-1000                               Guidance                                                                    In the electronic version, each policy and the OPRs in the Color                                 /DOD CIO
 National Policy Governing the Release           National Information Assurance C&A                                                                                                                                                                                                                                 NSA                        USD(P)
       of IA Products/Services…
                                                                                                                                                                                    Key are hyperlinked to their full text or respective sites online.                               CNSS/NSTISS
                                                          Process (NIACAP)
                                                                                                           2.3 Assure Information Sharing                                           To use the hyperlink, simply click on the box.                                                   DISA                           OSD                        USD(P&R)                               SUBORDINATE POLICY
              CNSSI-1253                                   CNSSI-4007                                                                                                               Policies in italics indicate the document is marked for limited                                 DNI                                                        Other Agencies
                                                 Communications Security (COMSEC)                     DoDD 8320.02                                  DTM-08-027                                                                                                                                                      STRATCOM
  Security Categorization and Control                                                                                                                                               distribution or no public-facing hyperlink is currently available.                                                                                                                                                             Component-level Policy
  Selection for Nat’l Security Systems                   Utility Program                        Data-Sharing in a Net-Centric               Security of Unclassified DoD                                                                                                                                                                       Recently            Security Configuration Guidelines       (Directives, Instructions, Publications,
                                                                                                                                                                                    Boxes with red borders reflect recent updates.                                                   JCS                            USD(AT&L)
                                                                                                  Department of Defense                Information on Non-DoD Info Systems                                                                                                                                                                     updated box                     (SCGs)                                    Memoranda)
             CNSSI-4008                                    DoDI 5205.13                                                                                                             For printing, this chart is best viewed on 22"x17" (Size C) paper.                              NIAP                            USD(C)
  Program for the Mgt and Use of Nat’l              Defense Industrial Base Cyber                                                                                                   Note: Users of the iPad, iPhone or iPod Touch may find they
    Reserve IA Security Equipment                       Security / IA Activities              DoD Information Sharing Strategy          Cross Domain Community Roadmap                                                                                                                                                                                                  DISA FSO Whitepapers                         Security Checklists
                                                                                                                                                                                    can view this Chart but that its hyperlinks are inoperable,
               ICD 503                                                                                                                       ASD(NII)/DoD CIO Memo                  because of Apple's decision not to fully support certain Adobe
 IT Systems Security Risk Management                                                        United States Intelligence Community          Use of Peer-to-Peer File Sharing                                                                                                                                                                                        Security Readiness Review Scripts          Security Technical Implementation
                                                                                                Information Sharing Strategy                                                        products. For those who desire a workaround for this issue,                                                                                                                                (SRRs)                                 Guides (STIGs)
              and C&A                                                                                                                        Applications Across DoD
                                                                                                                                                                                    there are apps in the iTunes store for less than $1.00.
                                                                                                      CJCSI 6211.02C                             CJCSM 3213.02C                     For the latest version of this chart go to
                                                                                            Defense Information System Network:                Joint Staff Focal Point              ia_policychart.html.
                                                                                                                                                                                                                                                                                                  Distribution Statement A: Approved for Public Release. Distribution is unlimited.
                                                                                                 Policy and Responsibilities

To top