Directives, Policies, Standards & Guidelines
Active Directory CONOPS (Version 1.1)
This document is to describe the concept of operations (CONOPS) that Army organizations will use to implement and operate an Active Directory (AD) across all Theaters of Operations. This document establishes that the US Army Network Enterprise Technology Command (NETCOM) provides the overall guidance for the standards, responsibilities, and processes necessary to migrate from the current information technology (IT) environment to an AD based environment on the Department of the Army (DA) HQDA Office of the Army Chief Information Officer (CIO/G6) Army Knowledge Management (AKM) policy. (AKO Login Required)
Active Directory Management Role and Responsibilities - TECHCON 2004-008
This memorandum provides guidance to Army organizations on roles and responsibilities as they pertain to the Active Directory within the Army Enterprise. (AKO Login Required)
Active Directory Trust Procedures and Guidelines - TECHCON 2004-015B
This document provides specific guidance to all Army organizations that request approval, implementation, and management of AD trusts in the AEI. This document defines types and levels of trusts, and then identifies the roles and responsibilities of entities involved in the end-to-end process of requesting a trust through implementing, planning, operating, and, where appropriate, removing a trust. Processes and procedures are given for requesting, approving, and implementing trusts as well as reporting and removing. These are specifically developed for application to permanent, migration, and deployed forces trusts. (AKO Login Required)
CONUS Forest Exchange 2003 Architecture & Design (Version 2.1)
This document describes the CONUS Forest architecture, design and implementation of an Army messaging capability based on Microsoft (MS) Exchange 2003, tightly integrated with the ongoing rollout of Army Windows 2003 Active Directory (AD) in the CONUS forest. The objective is to provide an engineering design and guidance for the near-term implementation of a regionalized Exchange environment capable of transitioning to a highly centralized objective end state. Primary considerations for this design are security, retention of local DOIM-managed mailbox servers, Microsoft product restrictions and minimization of central funding and management. (AKO Login Required)
Army Policy for Windows NT 4.0 Replacement and Active Directory (AD) Implementation
Establishes Army policy for the replacement of Windows NT 4.0 with Windows 2000 or better for the establishment of Active Directory baseline. (AKO Login Required)
Active Directory (AD) Administration Responsibilities and Technical Guidance (Version 1.0)
This document provides the model for system administration of the Army Active Directory (AD) Forest. The document also discusses the AD Forest structure and management of all the components within that structure. (AKO Login Required)
Army Enterprise Standardization
Memorandum Enterprise Software Agreements
This memorandum establishes Army procedures for ordering software from Enterprise Software Agreements.
Department of the Army IT Purchasing Guide
The purpose of this guide is to provide the procedures to help users fulfill commercial IT requirements by using Army contracts as the primary option. It outlines the process and the points of contact that can help you with your next IT products or services purchase.
DOD Support for the SmartBUY Initiative
The CIO of DOD directed that the use of SmartBUY agreements is mandatory.
Memorandum on Employment of Collaboration Capabilities Procedures
This memorandum establishes Army procedures on the acquisition and implementation of Army collaboration capabilities to be deployed on the Army Enterprise network or at local enclaves or domain levels. Collaboration capabilities are defined as the wide range of structures, processes, procedures, and services or tools necessary to enable two or more individuals who are not co-located to use an electronic synchronous or asynchronous environment to communicate, plan, coordinate and make decisions to achieve an objective. This procedure applies to the Active Army, the U.S. Army National Guard, the U.S. Army Reserve, U.S. Army civilians, and applicable U.S. Army supporting contractors.
Memorandum on Army's Implementation of DOD Enterprise Software Initiative (DOD ESI)
The Office of the Assistant Secretary of the Army (Acquisition, Logistics and Technology) is re-issuing this information to all Principal Assistants Responsible for Contracting (PARC) offices to support the Computer Hardware, Enterprise Software and Solutions (CHESS) office efforts with the DOD ESI and to reiterate the obligation for all Government Purchase Card (GPC) participants to comply with mandated Defense Federal Acquisition Regulations Supplement (DFARS) requirements for purchasing computer software.
Army Enterprise Desktop Software Standardization (TA Implementation Memorandum 2003-005c)
This TA defines a common standard Army software configuration baseline for user workstations (i.e., PCs) and notebooks for use within the Army enterprise. (AKO Login Required)
DFARS Final Rule on the use of Enterprise Software Agreements
DFARS Final Rule on the use of Enterprise Software Agreements has been published. On 25 October 2002, the DOD final rule has been published in the Federal Register amending the Defense Federal Acquisition Regulation Supplement (DFARS) to add a policy to mandate the use of DOD Enterprise Initiative Enterprise Software Agreements for commercial software and software maintenance acquisitions.
Acquiring Commercially Available Software and Information Technology (IT) Products within the Army
AR 25-1, paragraph 6-2e(3) The Computer Hardware, Enterprise Software and Solutions (CHESS) is the Army's designated Software Product Manager and exclusive source for all software through the enterprise license agreements.
Army Knowledge Management
Army Knowledge Management and Information Technology Management (AR 25-1)
This regulation establishes the polices and assigns responsibilities for information management and information technology. It applies to information technology contained in both business systems and national security systems developed for or purchased by the Department of Army.
Army Knowledge Management Implementation Plan
(Version 2.0) The AKM Strategic Plan outlines five goals that challenge our most basic institutional business processes and policies for IT and information management (IM) in support of the Army Campaign Plan (ACP): Goal 1 -Adopt governance and cultural changes to become a knowledge-based organization Goal 2 -Integrate Knowledge Management (KM) concepts and best practices to promote the knowledge-based force Goal 3 -Manage the infostructure as an Enterprise to enhance capabilities and efficiencies Goal 4 -Institutionalize Army Knowledge Online (AKO) as the enterprise portal to provide universal, secure access for the entire Army Goal 5 -Harness Human Capital for the knowledge-based organization (AKO Login Required)
Implementation of Basic Input/Output System (BIOS) Protection Guidelines
Information Technology procurement policy Basic Input/Output System (BIOS) compliancy Apr 7, 2011 " The purpose of this memorandum is to provide updated policy for the development and procurement of IT hardware, IT requirements determination, software and service requirements documentation in accordance with reference 1B".
Information Technology Procurement Policy Basic Input/Output System (BIOS) Compliancy
The purpose of this memorandum is to provide updated policy for the development and procurement of IT hardware, IT requirements determination, software and service requirements documentation in accordance with reference 1b.
Employment of Collaboration Capabilities Procedures
This memorandum establishes the Army procedures on the acquisition and implementation of Army collaboration capabilities to be deployed on the Army Enterprise network or at local enclaves or domain levels.
Collaboration Tools Suite Standards
This memorandum establishes the Army policy for the procurement and deployment of DOD networked collaboration tools. Collaboration tools include, but are not limited to, voice and video conferencing; text, document and application sharing; awareness and instant messaging; and whiteboarding.
Collaboration products certified for use on DOD SIPRNet Networks
This website provides a listing of collaborative tools that have been certified for use on DOD SIPRNet and NIPRNet networks.
DCTS CMO Product Exemption List
This website provides a listing of collaborative tools that are exempt from the certification process and can be used on DOD NIPRNet network.
AGM Program Change Request
The purpose of this memorandum is to define the requirements for modifying the Army Golden Master (AGM) baseline configuration and describing the Statement of Non-Availability/compliance reporting process for organizational modifications.
Army Enterprise Desktop Standardization - Implementation Memorandum 2003-005c
This memorandum identifies minimum hardware, operating systems, applications, and configurations necessary to establish baselines for personal computer (PC) desktop systems for use throughout the Army. Presently, these systems consist of the Microsoft Windows and Macintosh computing environments.
DOD Information Technology Standards Registry
DOD Information Technology Standards Registry
The Department of Defense Information Technology Standards Registry (DISR) replaces the Joint Technical Architecture (JTA). This external link provides access to the spreadsheets that define the current service areas, interfaces, and standards applicable to all DOD systems, and its adoption is mandated for the management, development, and acquisition of new or improved systems throughout DOD. (Note: Access to the DISR requires registration/login to the DISA DISRonline website)
President Issues Executive Order Regarding Energy-Efficient Use of Power Devices in Federal Facilities
Executive Order 13221 - Defines the policy for use of Energy Star devices within Federal Facilities. The Executive Order required that when Federal organizations purchase commercially available, off-the-shelf products that use external standby power devices, or that contain an internal standby power function, that the purchase products use no more than one watt in their standby power-consuming mode. If such products are not available, agencies shall purchase products with the lowest standby power wattage while in their standby power-consuming mode.
Digital duplicator - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for digital duplicators.
Copiers and Fax Machines - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for copiers and fax machines.
Computer Servers - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for computer servers.
Computer - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for computers.
Monitor - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for monitors.
Printers, scanners, and all-in-one devices - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for printers, scanners, and all-in-one devices.
Notebook Computers/Tablet PCs - Key Product Criteria
This website provides the required performance thresholds to obtain Energy Star compliance for notebook computers/tablet PCs.
Information Assurance - Army and DOD Policy
Information Assurance (AR 25-2)
This regulation provides Information assurance policy, mandates, roles, responsibilities, and procedures for implementing the Army Information Assurance Program, consistent with today's technological advancements for achieving acceptable levels of security in engineering, implementation, operation, and maintenance for information systems connecting to or crossing any U.S. Army managed network.
Army Approved IA Tools List
This website lists all CSLA approved Information Assurance (IA) Products. Use of CSLA BPA mandated via AR 25-2. Users wishing to procure IA products must contact Julia Conyers-Lucero at email@example.com or phone 520.538-8259 DSN 879-8259. (AKO Login Required)
Information Assurance (IA) Approved Products List
The IA APL contains vetted products intended for Army acquisition and deployment. All relevant Army personnel, including PEOs and PMs, are required to select IA products from this list throughout the lifecycle of a system or architecture. The IA APL contains NEW, LEGACY, and COMSEC technology for Army wide acquisition. Strategic, Operational, Tactical, or Special Mission Areas are directed to leverage the Army's IA APL to remain compliant with Army Information Assurance and Acquisition Regulations.
DOD CIO Memorandum, “Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media,”
This Memorandum requires that all data at rest on mobile computing devices shall be treated as sensitive information and shall be encrypted.
Disposition of Unclassified DOD Computer Hard Drives
Effective 4 June 2001, the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence, signed into policy guidance on the Disposition of Unclassified DOD Computer Hard Drives.
Information Assurance - NIST Policy and Guidelines
National Information Assurance Acquisition Policy
This DOD policy emphasized the requirement at all IA products and IS-enabled products that require use of the product's IA capabilities, acquired under contracts executed after July 1, 2002 to support all DOD information systems must be evaluated and validated in accordance with policy.
Guide to Information Technology Security Services NIST Special Publication 800-35
The purpose of this guide is to provide assistance with selecting, implementing, and managing IT security services by guiding the organization through the various phases of the IT security services life cycle.
Guide to Selecting Information Technology Security Products NIST Special Publication 800-36
This guide defines broad security product categories and specifies product types within those categories. It then provides a list of characteristics and pertinent questions an organization should ask when selecting a product from within these categories.
Guide for the Security Certification and Accreditation of Federal Information Systems Special Publication 800-37
This document provides guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government.
Recommended Security Controls for Federal Information Systems
Recommended Security Controls for Federal Information Systems. August 2009.
Guidance for Securing Microsoft Windows XP Systems for IT Professionals.
A NIST Security Configuration Checklist - Special Publication 800-68.
Guidance for Securing Microsoft Windows VISTA:
DOD Information Management (IM) Strategy Plan (version 2.0)
The DOD IM Strategic Plan pertains to information management, information technology, information resources management, information systems, and information services activities across the DOD.
Department of Defense Global Information Grid Architecture Architectural Vision.
The Clinger-Cohen Act (Chapter 25 of title 40, United States Code)
OMB Circular A-130, "Management of Federal Information Resources, Transmittal 4"
CJCSM 3170.01B: Operation of the Joint Capabilities Integration and Development System.
OASD(NII) Net-Centric Checklist, Version 2.1.4.
DOD Directive 8320.2, "Data Sharing in a Net-Centric Department of Defense
This Directive establishes policies and responsibilities to implement data sharing, in accordance "DOD Net-Centric Data Strategy," May 9, 2003, throughout the Department of Defense.
The Department of Defense Architecture Framework (DoDAF)
The DODAF v1.5 is an evolution of the DoDAF v1.0 and reflects and leverages the experience that the DOD Components have gained in developing and using architecture descriptions. This transitional version provides additional guidance on how to reflect net-centric concepts within architecture descriptions, includes information on architecture data management and federating architectures through the Department, and incorporates the pre-release CADM v1.5, a simplified model of previous CADM versions that includes net-centric elements.
Army Communities of Interest Guidance
(Draft) This document is intended to be uses as a general guidance to assist Mission Areas, Domains, and communities of interests (COIs) in understanding their roles and responsibilities with respect to the formation and execution of COIs. The Army will use COIs to define common vocabulary and data schema amongst and across functional areas.
DOD Net-Centric Data Strategy
This document describes a vision for a net-centric environment and the data goals for achieving it. It defines approaches and actions that DOD personnel will have to take as users.
Internet Protocol version 6 (IPv6)
DOD Internet Protocol Version 6 (IPv6) Implementation
The Memorandum describes DOD's implementation to switch over the NIPRNet to IPV6 followed by the SIPRNet. (AKO Login Required)
Special Interoperability Certification for IPv6 Capability
DOD no longer requires a stand-alone IPv6 certification. For products and capabilities covered under DOD's Unified Capabilities Requirements, IPv6 will be verified in conjunction with other interoperability, information assurance, and functionality requirements.
Guidance and Policy for Implementation of Office of Management and Budget (OMB) Internet Protocol Version 6 (IPv6) Fiscal Years (FYs) 2012 and 2014 Requirements
This memorandum provides guidance and policy to meet OMB IPv6 FY 2012 and FY 2014 requirements.
Moratorium on Fielding of Network Operations (NetOps)Tools to Brigade Combat Teams (BCTs)
The policy Moratorium "Army organizations will not field any NETOps tools to the BCTs or their Direct Reporting Units, unless approved through the configuration control process. Signed CIO/G-6 LTG Susan S. Lawrence
CONCEPT OF OPERATIONS (CONOPS) for Network Operations and Security Center (NOSC) Network Operations (NetOps)
This document presents the Concept of Operations (CONOPS) for Network Operations (NetOps) - the organizations, procedures, and technologies required to monitor, manage, defend, coordinate, and control the LandWarNet. This CONOPS describes how to implement the concept of NetOps and organizes NetOps forces along with the Roles and Responsibilities of these forces and their basic functions. (AKO Login Required)
DOD Information Assurance Certification and Accreditation Process (DIACAP)
This Instruction details the DOD process for identifying, implementing, validating, certifying, and managing IA capabilities and services, expressed as IA controls, and authorizing the operation of DOD ISs, including testing in a live environment, in accordance with statutory, Federal, and DOD requirements.
Networthiness Certification Program for Information Systems , DRAFT.
Networthiness Certification ensures information systems using the Army networks are developed in compliance with the Clinger Cohen Act and are secure, supportable, sustainable, and compatible with the LandWarNet. (AKO Login Required)
Networthiness Certification Program
The memorandum prescribes policy for the establishment of the Army Networthiness Certification Program. Networthiness Certification ensures all Automated Information Systems (AIS) on the Army Network are certified as to the capabilities, limitations, and potential impact to the Army Knowledge Enterprise (AKE). It also allows the CIO/G6 and NETCOM to establish accountability of and manage change to the Army Network. (AKO Login Required)
Army Knowledge Management Guidance Memorandum Number 1
Memorandum outline the Army's strategy for transforming itself into a network-centric, knowledge based force. Army Knowledge Management is intended to improve decision dominance by our warfighters and business stewards. (AKO Login Required)
Section 508 - Electronic and Information Technology
Depart of Justice status which requires that Federal agencies' electronic and information technology is accessible to people with disabilities, including employees and members of the public
Desktop and Portable Computer (1194.26)
This website outlines the specific Section 508 requirements for desktop and portable computer systems.
Section 508 Homepage
Army CAC/PKI Program Card Reader Specifications
This document outlines the core engineering standards used to define acceptable card readers for DA deployment and CAC/PKI use.
Personal Identity Verification (PIV) of Federal Employees and Contractors, FIPS 201-1
This standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. The overall goal is to achieve appropriate security assurance for multiple applications by efficiently verifying the claimed identity of individuals seeking physical access to Federally controlled government facilities and electronic access to government information systems.
Army Smart Card Reader Acquisition Guidance
The CIO/G-6 (formerly DISC4) released its guidance for the procurement of Smart Card Readers (SCR) in conjunction with purchases of Personal Computers (PCs and Notebooks) and other workstations.
Additional Army Smart Card Reader Acquisition Guidance
Message provides additional guidance on the procurement of smart card readers in conjunction with purchases of personal computers (PCs) and other workstations to meet current and future smart card implementation requirements.
Smart Card Adoption and Implementation
This is the DOD policy for smart card adoption and implementation. This policy established the CAC as the standard ID card for active duty military, DOD civilian employees and eligible contractor personnel and established the card as the principal device to gain access to the DOD computer networks and systems.
Government Smart Card Interoperability Specification Version 2.1
This NIST document defines standards for Government smart card interoperability requirements. Smart cards can be inserted into the readers, and software running on the host computer communicates with these cards using a protocol defined by ISO 7816-4 [ISO4] and 7816-8 [ISO8]. The ISO standard smart card communications protocol defines Application Protocol Data Units (APDU) that are exchanged between smart cards and host computers. Compliance to this specification is paramount to assuring Automated Information System (AIS) integrity.
Radio Frequency Identification (RFID)
Radio Frequency Identification
The Office of the Under Secretary of Defense (Supply Chain Integration) is responsible for leading the implementation of a modern and integrated materiel supply chain process that fully supports military operational requirements. The end goal of this initiative is to promote customer confidence in the DOD logistics process by building a responsive, cost-effective capacity to provide required products and services to the Warfighter. RFID technology addresses key DOD challenges of lacking asset visibility and transportation process inefficiency between nodes in the DOD supply chain. Alone and when combined with other AIT capabilities, RFID will become a key technology enabler for the DOD logistics business transformation by facilitating accurate, hands-free data capture within an integrated end-to-end supply chain enterprise.
Department of Defense Standard Practice - Military Marking For Shipment and Storage (MIL STD 129-P)
This standard provides the minimum requirements for uniform military marking for shipment and storage. Standard markings include processes for Unique Identification (UID) and Radio Frequency (RFID) tagging.
RF-Tag Format (Version 2.0)
This document provides a detailed description of the RF-Tag Data Format for the 128K byte SealTag, 128K 410R Tag, and the 412 Tags used in TAV/ITV applications. This data format is intended to provide a standard means of storing, accessing, and transferring information with RFTags.
Unique Identification (UID)
Policy for Unique Identification (UID) of Tangible Items - New Equipment, Major Modifications, and Reprocurements of Equipment and Spare
This policy mandates that an Unique Identification (UID) be provided for property procured on or after 1 January 2004 that: 1) has an acquisition cost of $5000 or more; 2) is either a serially managed, mission essential or controlled inventory piece of equipment; 3) it is a component of a delivered item, if the program manager has determined that unique identification is required (not typical of CHESS procurements); or 4) a UID or a DOD recognized UID equivalent is available. For commercial IT products procured through CHESS acquisition vehicles UIDs consist of an enterprise identifier, part number and a serial number. An enterprise identifier is a code uniquely assigned to an enterprise by a registration (or controlling) authority (enterprise identifier codes can be obtained online). Examples include Dun & Bradstreet's Data Universal Numbering System (DUNS) Number, Uniform Code Council (UCC)/EAN International (EAN) Company Prefix, or Defense Logistics Information Service (DLIS) Commercial and Government Entity (CAGE) Number. A product part number is the manufacture's part number or model number, and the serial number is products commercial serial number.
Update to Policy For Unique Identification (UID) of Tangible Items - New Equipment, Major Modifications, and Reprocurements of Equipment and Spare
Announces latest updates to UID policy (supersedes 22 Dec 2003 and 26 Nov 2003 Updates)
Policy For Unique Identification (UID) of Tangible Personnel Property Legacy Items in Inventory and Operational Use, Including Government Furnished Property (GFP)
Establishes the requirement to apply UID to existing legacy items.
Department of Defense Guide to Uniquely Identifying Items (Version 1.4)
This guide provides general information about what types of items need UID tags, what information is put on the tag, required data elements, and how that information is used to manage assets.
Department of Defense Standard Practice - Identification Marking of US Military Property (MIL-STD-130L)
This standard provides the item marking criteria for development of specific marking requirements and methods for identification of items of military property produced, stocked, stored, and issued by or for the Department of Defense. This standard addresses criteria and data content for both human-readable information (HRI) and machine-readable information (MRI) applications of item identification marking.
Unique Identification 101 - The Basics
This guide provides an understanding of how DOD program offices and commercial businesses can implement the Unique Identification (UID) policy in support of the Department's mission. The guide examines the relationship between the legislative and regulatory environment motivating the program, the policy, implementation, business rules, marking, and valuation process.
Voice Over IP
Security Considerations for Voice Over IP Systems,
This publication explains the challenges of VOIP security for agency and commercial users of VOIP, and outlines steps needed to help secure an organization's VOIP network.
Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DOD) Global Information Grid (GIG) (DOD Directive 8100.D2)
Establishes policy and assigns responsibilities for the use of commercial wireless devices, services, and technologies in the DOD Global Information Grid (GIG).
Security Requirements for Cryptographic Modules (FIPS PUB 140-2)
This standard specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information.
FIPS 140-1 and FIPS 140-2 Cryptographic Modules Validation List
Website provides listing of NIST certified cryptographic modules that are compliant with FIPS 140-2 security requirements.
Wireless LAN Security Framework Addendum To The Wireless Security Technical Implementation Guide (DRAFT)
This guidance provides a common conceptual framework to help the Department of Defense (DOD) coordinate acquisition, development, architecture design, and implementation of 802.11 wireless infrastructures connected to the Unclassified But Sensitive Internet Protocol Router Network (NIPRNet).
Wireless - Security Technical Implementation Guide (Version 6.0 release 1)
This Wireless Security Technical Implementation Guide (STIG) is published as a tool to assist in the improvement of the security of Department of Defense (DOD) commercial wireless information systems. The document is meant for use in conjunction with the Enclave, Network Infrastructure, Secure Remote Computing, and appropriate operating system STIGs.
Army Wireless Best Business Practices - NETCOM Wireless Security Standards, Version 2 (03-EC-M-0003)
This document establishes best practice standards for the deployment and use of wireless network technologies for the Department of the Army. (AKO Login Required)