Directives, Policies, Standards & Guidelines

Active Directory
Active Directory CONOPS (Version 1.1)
This document describes the concept of operations (CONOPS) that Army organizations will use to implement and operate an Active Directory (AD) across all Theaters of Operations. This document establishes that the US Army Network Enterprise Technology Command (NETCOM) provides the overall guidance for the standards, responsibilities, and processes necessary to migrate from the current information technology (IT) environment to an AD-based environment on the Department of the Army (DA) HQDA Office of the Army Chief Information Officer (CIO/G6) Army Knowledge Management (AKM) policy. (AKO Login Required)
Active Directory Management Role and Responsibilities - TECHCON 2004-008
This memorandum provides guidance to Army organizations on roles and responsibilities as they pertain to the Active Directory within the Army Enterprise. (AKO Login Required)
Active Directory Trust Procedures and Guidelines - TECHCON 2004-015B
This document provides specific guidance to all Army organizations that request approval, implementation, and management of AD trusts in the AEI. This document defines types and levels of trusts, and then identifies the roles and responsibilities of entities involved in the end-to-end process of requesting a trust through implementing, planning, operating, and, where appropriate, removing a trust. Processes and procedures are given for requesting, approving, and implementing trusts as well as reporting and removing. These are specifically developed for application to permanent, migration, and deployed forces trusts. (AKO Login Required)
CONUS Forest Exchange 2003 Architecture & Design (Version 2.1)
This document describes the CONUS Forest architecture, design and implementation of an Army messaging capability based on Microsoft (MS) Exchange 2003, tightly integrated with the ongoing rollout of Army Windows 2003 Active Directory (AD) in the CONUS forest. The objective is to provide an engineering design and guidance for the near-term implementation of a regionalized Exchange environment capable of transitioning to a highly centralized objective end state. Primary considerations for this design are security, retention of local DOIM-managed mailbox servers, Microsoft product restrictions and minimization of central funding and management. (AKO Login Required)
Army Policy for Windows NT 4.0 Replacement and Active Directory (AD) Implementation
Establishes Army policy for the replacement of Windows NT 4.0 with Windows 2000 or better for the establishment of Active Directory baseline. (AKO Login Required)
Active Directory (AD) Administration Responsibilities and Technical Guidance (Version 1.0)
This document provides the model for system administration of the Army Active Directory (AD) Forest. The document also discusses the AD Forest structure and management of all the components within that structure. (AKO Login Required)
Army Enterprise Standardization
Memorandum Enterprise Software Agreements
This memorandum establishes Army procedures for ordering software from Enterprise Software Agreements.
Department of the Army IT Purchasing Guide
The purpose of this guide is to provide the procedures to help users fulfill commercial IT requirements by using Army contracts as the primary option. It outlines the process and the points of contact that can help you with your next IT products or services purchase.
DOD Support for the SmartBUY Initiative
The CIO of DOD directed that the use of SmartBUY agreements is mandatory.
Memorandum on Employment of Collaboration Capabilities Procedures
This memorandum establishes Army procedures on the acquisition and implementation of Army collaboration capabilities to be deployed on the Army Enterprise network or at local enclaves or domain levels. Collaboration capabilities are defined as the wide range of structures, processes, procedures, and services or tools necessary to enable two or more individuals who are not co-located to use an electronic synchronous or asynchronous environment to communicate, plan, coordinate and make decisions to achieve an objective. This procedure applies to the Active Army, the U.S. Army National Guard, the U.S. Army Reserve, U.S. Army civilians, and applicable U.S. Army supporting contractors.
Memorandum on Army's Implementation of DOD Enterprise Software Initiative (DOD ESI)
The Office of the Assistant Secretary of the Army (Acquisition, Logistics and Technology) is re-issuing this information to all Principal Assistants Responsible for Contracting (PARC) offices to support the Computer Hardware, Enterprise Software and Solutions (CHESS) office efforts with the DOD ESI and to reiterate the obligation for all Government Purchase Card (GPC) participants to comply with mandated Defense Federal Acquisition Regulations Supplement (DFARS) requirements for purchasing computer software.
Army Enterprise Desktop Software Standardization (TA Implementation Memorandum 2003-005c)
This TA defines a common standard Army software configuration baseline for user workstations (i.e., PCs) and notebooks for use within the Army enterprise. (AKO Login Required)
DFARS Final Rule on the use of Enterprise Software Agreements
The DFARS Final Rule on the use of Enterprise Software Agreements has been published. On 25 October 2002, the DOD final rule was published in the Federal Register, amending the Defense Federal Acquisition Regulation Supplement (DFARS) to add a policy to mandate the use of DOD Enterprise Initiative Enterprise Software Agreements for commercial software and software maintenance acquisitions.
Acquiring Commercially Available Software and Information Technology (IT) Products within the Army
AR 25-1, paragraph 6-2e(3): The Computer Hardware, Enterprise Software and Solutions (CHESS) is the Army's designated Software Product Manager and exclusive source for all software through the enterprise license agreements.
Army Knowledge Management
Army Regulation 25-1, Information Management Army Information Technology
This regulation establishes policies and assigns responsibilities for information management and information technology. It applies to information technology contained in both business systems and national security systems (except as noted) developed for or purchased by the Department of Army. It addresses the management of information as an Army resource, the technology supporting information requirements, and the resources supporting information technology. This regulation implements Title 40, United States Code, Subtitle III (40 USC, Subtitle III); 44 USC, Chapters 35 and 36; 10 USC 2223 and 3014; and DODD 8000.01. It establishes the Army’s Chief Information Officer and the full scope of the Army Chief Information Officer’s responsibilities and management processes. These processes involve strategic planning, capital planning, business process analysis and improvement, assessment of proposed systems, information resource management (to include investment strategy), performance measurements, acquisition, and training.
Army Knowledge Management Implementation Plan
(Version 2.0) The AKM Strategic Plan outlines five goals that challenge our most basic institutional business processes and policies for IT and information management (IM) in support of the Army Campaign Plan (ACP): Goal 1 - Adopt governance and cultural changes to become a knowledge-based organization; Goal 2 - Integrate Knowledge Management (KM) concepts and best practices to promote the knowledge-based force; Goal 3 - Manage the infostructure as an Enterprise to enhance capabilities and efficiencies; Goal 4 - Institutionalize Army Knowledge Online (AKO) as the enterprise portal to provide universal, secure access for the entire Army; Goal 5 - Harness Human Capital for the knowledge-based organization. (AKO Login Required)
BIOS Compliance
Implementation of Basic Input/Output System (BIOS) Protection Guidelines
Information Technology procurement policy, Basic Input/Output System (BIOS) compliancy, Apr 7, 2011. "The purpose of this memorandum is to provide updated policy for the development and procurement of IT hardware, IT requirements determination, software and service requirements documentation in accordance with reference 1B."
Information Technology Procurement Policy Basic Input/Output System (BIOS) Compliancy
The purpose of this memorandum is to provide updated policy for the development and procurement of IT hardware, IT requirements determination, software and service requirements documentation in accordance with reference 1b.
Collaboration Tools
Employment of Collaboration Capabilities Procedures
This memorandum establishes the Army procedures on the acquisition and implementation of Army collaboration capabilities to be deployed on the Army Enterprise network or at local enclaves or domain levels.
Collaboration Tools Suite Standards
This memorandum establishes the Army policy for the procurement and deployment of DOD networked collaboration tools. Collaboration tools include, but are not limited to, voice and video conferencing; text, document and application sharing; awareness and instant messaging; and whiteboarding.
Collaboration products certified for use on DOD SIPRNet Networks
This website provides a listing of collaborative tools that have been certified for use on DOD SIPRNet and NIPRNet networks.
DCTS CMO Product Exemption List
This website provides a listing of collaborative tools that are exempt from the certification process and can be used on DOD NIPRNet network.
Desktop Standardization
AGM Program Change Request
The purpose of this memorandum is to define the requirements for modifying the Army Golden Master (AGM) baseline configuration and describing the Statement of Non-Availability/compliance reporting process for organizational modifications.
Army Enterprise Desktop Standardization - Implementation Memorandum 2003-005c
This memorandum identifies minimum hardware, operating systems, applications, and configurations necessary to establish baselines for personal computer (PC) desktop systems for use throughout the Army. Presently, these systems consist of the Microsoft Windows and Macintosh computing environments.
DOD Information Technology Standards Registry
DOD Information Technology Standards Registry (DISR)
The DISR is the single, unifying DoD registry for approved information technology (IT) and national security systems (NSS) standards and standards profiles that is managed by the Defense Information Systems Agency (DISA). The DISR Baseline lists IT Standards that are mandated for use in the DoD Acquisition process. The DISR is the standards data source that is used to populate and develop Standards Technical Profiles (StdV) that are required artifacts in Information Support Plans (ISP). The complete DISR can be accessed at with a DoD Computer Access Card (CAC) and an account.
Energy Star
ENERGY STAR® is the government-backed symbol for energy efficiency, providing simple, credible, and unbiased information that consumers and businesses rely on to make well-informed decisions. Thousands of industrial, commercial, utility, state, and local organizations—including about 40% of the Fortune 500®—partner with the U.S. Environmental Protection Agency (EPA) to deliver cost-saving energy efficiency solutions that improve air quality and protect the climate. Since 1992, ENERGY STAR and its partners helped American families and businesses save more than 4 trillion kilowatt-hours of electricity and achieve over 3.5 billion metric tons of greenhouse gas reductions, equivalent to the annual emissions of more than 750 million cars. In 2018 alone, ENERGY STAR and its partners helped Americans avoid $35 billion in energy costs.
Statutory Authority for ENERGY STAR
The ENERGY STAR program was established by EPA in 1992, under the authority of the Clean Air Act Section 103(g). Federal Law Section 103(g) of the Clean Air Act directs EPA to "develop, evaluate, and demonstrate non-regulatory strategies and technologies for air pollution prevention… with opportunities for participation by [stakeholders]… including SOx, NOx… CO2… including end-use efficiency, and fuel-switching to cleaner fuels." (42 USC Section 7403g) In 2005, Congress enacted the Energy Policy Act. Section 131 of the Act amends Section 324 of the Energy Policy and Conservation Act, and directed the Environmental Protection Agency and the Department of Energy to implement “a voluntary program to identify and promote energy-efficient products and buildings in order to reduce energy consumption, improve energy security, and reduce pollution through voluntary labeling of or other forms of communication about products and buildings that meet the highest energy efficiency standards.” The Act further directs EPA and DOE to work jointly to “(1) promote ENERGY STAR compliant technologies as the preferred technologies in the marketplace for (A) achieving energy efficiency; (B) and reducing pollution; (2) work to enhance public awareness of the ENERGY STAR label, including providing special outreach to small businesses; (3) preserve the integrity of the ENERGY STAR label; (4) regularly update Energy Star product criteria for product categories;” and to solicit comments from interested parties prior to establishing/revising ENERGY STAR product categories, specifications, or criterion. (42 USC Section 6294a)
President Issues Executive Order Regarding Energy-Efficient Use of Power Devices in Federal Facilities
Executive Order 13221 - Defines the policy for use of Energy Star devices within Federal Facilities. The Executive Order required that when Federal organizations purchase commercially available, off-the-shelf products that use external standby power devices, or that contain an internal standby power function, that the purchase products use no more than one watt in their standby power-consuming mode. If such products are not available, agencies shall purchase products with the lowest standby power wattage while in their standby power-consuming mode.
Digital duplicator - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for digital duplicators.
Copiers and Fax Machines - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for copiers and fax machines.
Computer Servers - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for computer servers.
Computer - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for computers.
Monitor - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for monitors.
Printers, scanners, and all-in-one devices - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for printers, scanners, and all-in-one devices.
Notebook Computers/Tablet PCs - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for notebook computers/tablet PCs.
Information Assurance - Army and DOD Policy
Information Assurance (AR 25-2)
This regulation provides information assurance policy, mandates, roles, responsibilities, and procedures for implementing the Army Information Assurance Program, consistent with today's technological advancements for achieving acceptable levels of security in engineering, implementation, operation, and maintenance for information systems connecting to or crossing any U.S. Army managed network.
Army Approved IA Tools List
This website lists all CSLA approved Information Assurance (IA) Products. Use of CSLA BPA mandated via AR 25-2. Users wishing to procure IA products must contact Julia Conyers-Lucero at or phone 520.538-8259 DSN 879-8259. (AKO Login Required)
Information Assurance (IA) Approved Products List
The IA APL contains vetted products intended for Army acquisition and deployment. All relevant Army personnel, including PEOs and PMs, are required to select IA products from this list throughout the lifecycle of a system or architecture. The IA APL contains NEW, LEGACY, and COMSEC technology for Army wide acquisition. Strategic, Operational, Tactical, or Special Mission Areas are directed to leverage the Army's IA APL to remain compliant with Army Information Assurance and Acquisition Regulations.
DOD CIO Memorandum, “Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media”
This Memorandum requires that all data at rest on mobile computing devices shall be treated as sensitive information and shall be encrypted.
Disposition of Unclassified DOD Computer Hard Drives
Effective 4 June 2001, the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence, signed into policy guidance on the Disposition of Unclassified DOD Computer Hard Drives.
Information Assurance - NIST Policy and Guidelines
National Information Assurance Acquisition Policy
This DOD policy emphasized the requirement that all IA products and IS-enabled products that require use of the product's IA capabilities, acquired under contracts executed after July 1, 2002 to support all DOD information systems, must be evaluated and validated in accordance with policy.
Guide to Information Technology Security Services NIST Special Publication 800-35
The purpose of this guide is to provide assistance with selecting, implementing, and managing IT security services by guiding the organization through the various phases of the IT security services life cycle.
Guide to Selecting Information Technology Security Products NIST Special Publication 800-36
This guide defines broad security product categories and specifies product types within those categories. It then provides a list of characteristics and pertinent questions an organization should ask when selecting a product from within these categories.
Guide for the Security Certification and Accreditation of Federal Information Systems Special Publication 800-37
This document provides guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government.
Recommended Security Controls for Federal Information Systems
Recommended Security Controls for Federal Information Systems. August 2009.
Guidance for Securing Microsoft Windows XP Systems for IT Professionals.
A NIST Security Configuration Checklist - Special Publication 800-68.
Guidance for Securing Microsoft Windows VISTA:
Information Management
DOD Information Management (IM) Strategy Plan (version 2.0)
The DOD IM Strategic Plan pertains to information management, information technology, information resources management, information systems, and information services activities across the DOD.
Department of Defense Global Information Grid Architecture Architectural Vision.
The Clinger-Cohen Act (Chapter 25 of title 40, United States Code)
OMB Circular A-130, "Management of Federal Information Resources, Transmittal 4"
CJCSM 3170.01B: Operation of the Joint Capabilities Integration and Development System.
OASD(NII) Net-Centric Checklist, Version 2.1.4.
DOD Directive 8320.2, "Data Sharing in a Net-Centric Department of Defense"
This Directive establishes policies and responsibilities to implement data sharing, in accordance with the "DOD Net-Centric Data Strategy," May 9, 2003, throughout the Department of Defense.
The Department of Defense Architecture Framework (DoDAF)
The DODAF v1.5 is an evolution of the DoDAF v1.0 and reflects and leverages the experience that the DOD Components have gained in developing and using architecture descriptions. This transitional version provides additional guidance on how to reflect net-centric concepts within architecture descriptions, includes information on architecture data management and federating architectures through the Department, and incorporates the pre-release CADM v1.5, a simplified model of previous CADM versions that includes net-centric elements.
Army Communities of Interest Guidance
(Draft) This document is intended to be used as general guidance to assist Mission Areas, Domains, and communities of interest (COIs) in understanding their roles and responsibilities with respect to the formation and execution of COIs. The Army will use COIs to define common vocabulary and data schema amongst and across functional areas.
DOD Net-Centric Data Strategy
This document describes a vision for a net-centric environment and the data goals for achieving it. It defines approaches and actions that DOD personnel will have to take as users.
Internet Protocol version 6 (IPv6)
DOD Internet Protocol Version 6 (IPv6) Implementation
The Memorandum describes DOD's implementation to switch over the NIPRNet to IPv6, followed by the SIPRNet. (AKO Login Required)
Special Interoperability Certification for IPv6 Capability
DOD no longer requires a stand-alone IPv6 certification. For products and capabilities covered under DOD's Unified Capabilities Requirements, IPv6 will be verified in conjunction with other interoperability, information assurance, and functionality requirements.
Guidance and Policy for Implementation of Office of Management and Budget (OMB) Internet Protocol Version 6 (IPv6) Fiscal Years (FYs) 2012 and 2014 Requirements
This memorandum provides guidance and policy to meet OMB IPv6 FY 2012 and FY 2014 requirements.
Moratorium on Fielding of Network Operations (NetOps) Tools to Brigade Combat Teams (BCTs)
The policy moratorium: "Army organizations will not field any NetOps tools to the BCTs or their Direct Reporting Units, unless approved through the configuration control process." Signed CIO/G-6 LTG Susan S. Lawrence.
CONCEPT OF OPERATIONS (CONOPS) for Network Operations and Security Center (NOSC) Network Operations (NetOps)
This document presents the Concept of Operations (CONOPS) for Network Operations (NetOps) - the organizations, procedures, and technologies required to monitor, manage, defend, coordinate, and control the LandWarNet. This CONOPS describes how to implement the concept of NetOps and organizes NetOps forces along with the Roles and Responsibilities of these forces and their basic functions. (AKO Login Required)
DOD Information Assurance Certification and Accreditation Process (DIACAP)
This Instruction details the DOD process for identifying, implementing, validating, certifying, and managing IA capabilities and services, expressed as IA controls, and authorizing the operation of DOD ISs, including testing in a live environment, in accordance with statutory, Federal, and DOD requirements.
Networthiness Certification Program for Information Systems, DRAFT.
Networthiness Certification ensures information systems using the Army networks are developed in compliance with the Clinger Cohen Act and are secure, supportable, sustainable, and compatible with the LandWarNet. (AKO Login Required)
Networthiness Certification Program
The memorandum prescribes policy for the establishment of the Army Networthiness Certification Program. Networthiness Certification ensures all Automated Information Systems (AIS) on the Army Network are certified as to the capabilities, limitations, and potential impact to the Army Knowledge Enterprise (AKE). It also allows the CIO and G-6 and NETCOM to establish accountability of and manage change to the Army Network. (AKO Login Required)
Army Knowledge Management Guidance Memorandum Number 1
Memorandum outlines the Army's strategy for transforming itself into a network-centric, knowledge-based force. Army Knowledge Management is intended to improve decision dominance by our warfighters and business stewards. (AKO Login Required)
Section 508
Section 508 - Electronic and Information Technology
Department of Justice statute which requires that Federal agencies' electronic and information technology is accessible to people with disabilities, including employees and members of the public.
Desktop and Portable Computer (1194.26)
This website outlines the specific Section 508 requirements for desktop and portable computer systems.
Section 508
Section 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220) requires federal agencies to develop, procure, maintain and use information and communications technology (ICT) that is accessible to people with disabilities - regardless of whether or not they work for the federal government. The US Access Board established the Section 508 standards that implement the law and provides the requirements for accessibility.
Smart Cards
Army CAC/PKI Program Card Reader Specifications
This document outlines the core engineering standards used to define acceptable card readers for DA deployment and CAC/PKI use.
Personal Identity Verification (PIV) of Federal Employees and Contractors, FIPS 201-1
This standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. The overall goal is to achieve appropriate security assurance for multiple applications by efficiently verifying the claimed identity of individuals seeking physical access to Federally controlled government facilities and electronic access to government information systems.
Army Smart Card Reader Acquisition Guidance
The CIO/G-6 (formerly DISC4) released its guidance for the procurement of Smart Card Readers (SCR) in conjunction with purchases of Personal Computers (PCs and Notebooks) and other workstations.
Additional Army Smart Card Reader Acquisition Guidance
Message provides additional guidance on the procurement of smart card readers in conjunction with purchases of personal computers (PCs) and other workstations to meet current and future smart card implementation requirements.
Smart Card Adoption and Implementation
This is the DOD policy for smart card adoption and implementation. This policy established the CAC as the standard ID card for active duty military, DOD civilian employees and eligible contractor personnel and established the card as the principal device to gain access to the DOD computer networks and systems.
Government Smart Card Interoperability Specification Version 2.1
This NIST document defines standards for Government smart card interoperability requirements. Smart cards can be inserted into the readers, and software running on the host computer communicates with these cards using a protocol defined by ISO 7816-4 [ISO4] and 7816-8 [ISO8]. The ISO standard smart card communications protocol defines Application Protocol Data Units (APDU) that are exchanged between smart cards and host computers. Compliance with this specification is paramount to assuring Automated Information System (AIS) integrity.
Radio Frequency Identification (RFID)
Automatic Identification Technology (AIT)
The Office of the Under Secretary of Defense (Supply Chain Integration) is responsible for leading the implementation of a modern and integrated materiel supply chain process that fully supports military operational requirements. The end goal of this initiative is to promote customer confidence in the DoD logistics process by building a responsive, cost-effective capacity to provide required products and services to the Warfighter. RFID technology addresses key DOD challenges of lacking asset visibility and transportation process inefficiency between nodes in the DOD supply chain. Alone and when combined with other AIT capabilities, RFID will become a key technology enabler for the DOD logistics business transformation by facilitating accurate, hands-free data capture within an integrated end-to-end supply chain enterprise.
Department of Defense Standard Practice - Military Marking For Shipment and Storage (MIL STD 129-P)
This standard provides the minimum requirements for uniform military marking for shipment and storage. Standard markings include processes for Unique Identification (UID) and Radio Frequency (RFID) tagging.
RF-Tag Format (Version 2.0)
This document provides a detailed description of the RF-Tag Data Format for the 128K byte SealTag, 128K 410R Tag, and the 412 Tags used in TAV/ITV applications. This data format is intended to provide a standard means of storing, accessing, and transferring information with RF-Tags.
Unique Identification (UID)
Policy for Unique Identification (UID) of Tangible Items - New Equipment, Major Modifications, and Reprocurements of Equipment and Spare
This policy mandates that a Unique Identification (UID) be provided for property procured on or after 1 January 2004 that: 1) has an acquisition cost of $5000 or more; 2) is either a serially managed, mission essential or controlled inventory piece of equipment; 3) it is a component of a delivered item, if the program manager has determined that unique identification is required (not typical of CHESS procurements); or 4) a UID or a DOD recognized UID equivalent is available. For commercial IT products procured through CHESS acquisition vehicles, UIDs consist of an enterprise identifier, part number and a serial number. An enterprise identifier is a code uniquely assigned to an enterprise by a registration (or controlling) authority (enterprise identifier codes can be obtained online). Examples include Dun & Bradstreet's Data Universal Numbering System (DUNS) Number, Uniform Code Council (UCC)/EAN International (EAN) Company Prefix, or Defense Logistics Information Service (DLIS) Commercial and Government Entity (CAGE) Number. A product part number is the manufacturer's part number or model number, and the serial number is the product's commercial serial number.
Update to Policy For Unique Identification (UID) of Tangible Items - New Equipment, Major Modifications, and Reprocurements of Equipment and Spare
Announces latest updates to UID policy (supersedes 22 Dec 2003 and 26 Nov 2003 Updates).
Policy For Unique Identification (UID) of Tangible Personal Property Legacy Items in Inventory and Operational Use, Including Government Furnished Property (GFP)
Establishes the requirement to apply UID to existing legacy items.
Department of Defense Guide to Uniquely Identifying Items (Version 1.4)
This guide provides general information about what types of items need UID tags, what information is put on the tag, required data elements, and how that information is used to manage assets.
Department of Defense Standard Practice - Identification Marking of US Military Property (MIL-STD-130N Notice 1)
This standard provides the item marking criteria for development of specific marking requirements and methods for identification of items of military property produced, stocked, stored, and issued by or for the Department of Defense (DoD). This standard addresses criteria and data content for both free text and machine-readable information (MRI) applications for identification marking of U.S. military property.
Unique Identification 101 - The Basics
This guide provides an understanding of how DOD program offices and commercial businesses can implement the Unique Identification (UID) policy in support of the Department's mission. The guide examines the relationship between the legislative and regulatory environment motivating the program, the policy, implementation, business rules, marking, and valuation process.
Voice Over IP
Security Considerations for Voice Over IP Systems
This publication explains the challenges of VOIP security for agency and commercial users of VOIP, and outlines steps needed to help secure an organization's VOIP network.
Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DOD) Global Information Grid (GIG) (DOD Directive 8100.D2)
Establishes policy and assigns responsibilities for the use of commercial wireless devices, services, and technologies in the DOD Global Information Grid (GIG).
Security Requirements for Cryptographic Modules (FIPS PUB 140-3)
The selective application of technological and related procedural safeguards is an important responsibility of every federal organization in providing adequate security in its computer and telecommunication systems. This standard is applicable to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106 and the Federal Information Security Management Act of 2002, Public Law 107-347.
FIPS 140-1 and FIPS 140-2 Cryptographic Modules Validation List
Website provides listing of NIST certified cryptographic modules that are compliant with FIPS 140-1 and FIPS 140-2 security requirements.
Wireless LAN Security Framework Addendum To The Wireless Security Technical Implementation Guide (DRAFT)
This guidance provides a common conceptual framework to help the Department of Defense (DOD) coordinate acquisition, development, architecture design, and implementation of 802.11 wireless infrastructures connected to the Unclassified But Sensitive Internet Protocol Router Network (NIPRNet).
Wireless - Security Technical Implementation Guide (Version 6.0 release 1)
This Wireless Security Technical Implementation Guide (STIG) is published as a tool to assist in the improvement of the security of Department of Defense (DOD) commercial wireless information systems. The document is meant for use in conjunction with the Enclave, Network Infrastructure, Secure Remote Computing, and appropriate operating system STIGs.
Army Wireless Best Business Practices - NETCOM Wireless Security Standards, Version 2 (03-EC-M-0003)
This document establishes best practice standards for the deployment and use of wireless network technologies for the Department of the Army. (AKO Login Required)
DoD Instruction 8010.01, Department of Defense Information Network (DoDIN) Transport
This issuance establishes policy, assigns responsibilities, and provides procedures for DODIN transport and the life-cycle management of: Connection and interconnection of information systems (e.g., applications, enclaves, or outsourced processes); Unified capabilities (UC) products (including data, voice, and video); Access to information services (including data, voice, video, and cross domain (CD)) transmitted over the DODIN transport.
Department of Defense Instruction 8500.01E Change 1, Cybersecurity
a. Reissues and renames DoD Directive (DoDD) 8500.01E (Reference (a)) as a DoD Instruction (DoDI) pursuant to the authority in DoDD 5144.02 (Reference (b)) to establish a DoD cybersecurity program to protect and defend DoD information and information technology (IT). b. Incorporates and cancels DoDI 8500.02 (Reference (c)), DoDD C-5200.19 (Reference (d)), DoDI 8552.01 (Reference (e)), Assistant Secretary of Defense for Networks and Information Integration (ASD(NII))/DoD Chief Information Officer (DoD CIO) Memorandums (References (f) through (k)), and Directive-type Memorandum 08-060 (Reference (l)). c. Establishes the positions of DoD principal authorizing official (PAO) and the DoD Senior Information Security Officer (SISO) and continues the DoD Information Security Risk Management Committee (DoD ISRMC). d. Adopts the term “cybersecurity” as it is defined in National Security Presidential Directive-54/Homeland Security Presidential Directive-23 (Reference (m)) to be used throughout DoD instead of the term “information assurance (IA).”
DoD Instruction (DoDI) 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT)
The DoD will establish and use an integrated enterprise-wide decision structure for cybersecurity risk management (the RMF) that includes and integrates DoD mission areas (MAs).
Department of Defense Cloud Strategy
The strategy drives implementation toward the enterprise cloud environment, an ecosystem composed of General Purpose and Fit For Purpose clouds. It focuses implementation activities on two fundamental types of work: the first is the stand-up of cloud platforms ready to receive data and applications, and the second is the ongoing work to migrate existing applications and to develop new applications in the cloud.
The Army Cloud Plan 2020
The Army Cloud Plan lays out the following six strategic objectives: Accelerate Data Driven Decisions, Decrease Time to Field software, Optimize the Security Accreditation Process, Establish Cloud Design, Software Development and Data Engineering as a Core Competency, Design Software to Adapt to an Unpredictable World, and Provide IT Asset/Cost Transparency and Accountability.
Defense Standardization Program
Standardization documents are developed and used for products, materials, and processes that have multiple applications to promote commonality and interoperability among the Military Departments and the Defense Agencies and between the United States and its allies, and to limit the variety of items in the military supply system. The Acquisition Streamlining and Standardization Information System (ASSIST) database identifies approved defense and federal standardization documents, adopted non-government standards (NGS), and U.S. ratified materiel International Standardization Agreements (ISAs).
DoD Enterprise Software Initiative (DoD ESI). Overview & History
DoD Enterprise Software Initiative (DoD ESI) is an official DoD initiative sponsored by the DoD Chief Information Officer (CIO) to lead in the establishment and management of enterprise COTS IT agreements, assets, and policies. DoD ESI lowers the total cost of ownership across the DoD, Coast Guard and Intelligence Communities for commercial software, IT hardware, and services. Link to DoD ESI Agreements:
DoD Memo, "Category Management Purchasing Solutions for Commodity Laptops and Desktops"
The Department of Defense Chief Information Officer (DoD CIO) promotes the use of Information Technology Category Management (ITCM) “Best-in-Class” (BIC) solutions for commodity laptop and desktop computer purchases to maximize asset value through demand management, volume discounts, and streamlined procurement processes. This memo designates BIC solutions for DoD enterprise use. DoD ordering activities must first consider these BIC solutions to fulfill commodity purchasing requirements.
DoD Memo "Department of Defense Software Lifecycle Maintenance"
The Department of Defense Software Lifecycle Maintenance Memorandum, released 14 May 2020 by the DoD Chief Information Officer, covers current critical Cybersecurity vulnerability concerns associated with installed commercial software on Government Information Systems and servers not being properly maintained or supported. It gives guidance on how DoD Components, to include owners of Programs of Record and Weapon Systems, must mitigate this and provides attached Vendor Software Lifecycle Maintenance Schedules, Support Policies, Lifecycle Changes, and other resources for various software.