Army prepping IA policy

The Army's information assurance policy will guide the way the service implements a DOD directive

The Army is preparing an information assurance (IA) policy that will guide the way the service implements a Defense Department IA directive.

An enterprise information assurance policy is one of three key pillars needed to support the Army Knowledge Management (AKM) imperatives of defending networks, supporting the Objective Force and lowering the total cost of information technology ownership, said Robert Ringdahl, chief integration officer at Network Enterprise Technology Command's Enterprise Systems Technology Activity.

The Army policy is in draft form and should be ready for release by September, Ringdahl said during a June 5 speech at the Army Small Computer Program's IT conference.

"It will be the Army's implementation policy of [DOD's 8500.1] directive," he told Federal Computer Week.

Directive 8500.1 was issued in late October 2002 and calls for Defense agencies to protect data as it is shared across the Global Information Grid. Furthermore, DOD Instruction 8500.2, dated Feb. 6, sets forth the way that rules and policies in the directive are implemented. The instruction is designed to ensure that information awareness training and education are provided to all military and civilian personnel, specific to their responsibilities for developing, using and maintaining DOD information systems.

Col. Ted Dmuchowski, director of information assurance at the Network Enterprise Technology Command, said the new Army policy is really an updated information assurance regulation that will align and consolidate the service's information assurance goals and objectives to support DOD Directive 8500.1 and Instruction 8500.2.

"The policy will reduce the manageability requirements of information systems, minimize the effects of unauthorized access or loss, and increase the effectiveness of IA integration as part of the life cycle of all information systems," Dmuchowski said.

He noted that the "cornerstone philosophy of Army information assurance" is to:

* Design, implement and secure accesses, data, systems and repositories.

* Increase trust and trusted relationships.

* Employ technical and operational security mechanisms.

* Deny all unauthorized accesses.

* Permit necessary exceptions to support Army, DOD, and Joint interagency and multinational tactical and sustaining-base operations.

In addition to creating the Army's information assurance policy, Ringdahl said the service must deal with two other key pillars to support its AKM imperatives: the role of reimbursable funding vs. cost funding, and the role of Microsoft Corp. — which appears to be clearer with the May 30 award of an enterprise software agreement.

The funding question is "evolving and [is] a topic of intense discussion" among the Army's IT leaders, he said, adding that decisions must be made whether reimbursements will be done at the individual user or major command level.