3 February 2016

Cloud, cyber policy documents trickle out of DoD


Amber Corrin
January 29, 2016 

In recent days Defense Department entities publicly released documents outlining strategies and policies related to cloud practices and cyber operations, months after they were issued internally to personnel.

The Defense Information Systems Agency’s Cloud Connection Process Guide (CCPG), which was issued last year but has just beenmade available to the public, aims to help DISA cloud customers – DoD components – navigate the security requirements and onboarding processes for implementing commercial cloud services.

“This document incorporates the lessons learned and process insights from cloud pilots and various other DISA led efforts. The CCPG is a living document and will be updated to remain compliant with policies,” incorporating evolving security requirements with the goal of making DISA’s guidance DoD-wide policy, according to the CCPG.

The 50-page guide comprises three sections: a general introduction and overview, a section on the the connection of cloud service offerings and a section on the “onboarding of mission owners to cloud service offerings.”

Across campus at Fort Meade, Maryland, where DISA is co-located with the National Security Agency and U.S. Cyber Command, more documents emerged outlining DoD’s organization, policies and activities for operating in cyberspace.

A June memo from Adm. Mike Rogers, the chief NSA and CyberCom, outlines his vision and guidance in a document titled Beyond the Build: Delivering Outcomes through Cyberspace. Much of the document underscores the importance of defending against “peer competitors” in the cyber domain.

“This Vision emphasizes integration of cyberspace operations into new ways of defending, fighting and partnering against learning adversaries in the contested cyber domain. We maintain an operational mindset with our networks and cyber capabilities led by commanders who understand they are always in real or imminent contact with adversaries,” Rogers writes in an intro to the document. “We will build our teams and capabilities to be agile, innovative and accountable as we execute our missions on behalf of the nation.”

Rogers’ guidance is just one of 27 documents posted to the National Security ArchiveJan. 20, making available similarly themed directional dispatches from each of the service branches, their subcomponents, and Pentagon leaders including the chairman of the Joint Chiefs of Staff (who issued a 2009 manual for information assurance and network defense). The documents range in date from early 2009 to as recent as last summer.

The National Security Archive, an independent watchdog site based at George Washington University, posted links to all 27 documents as well as a thorough electronic briefing book dedicated to the newly released DoD cyber documents. Jeffery Richelson, the author of the post, broke the documents down into six key areas:

terminology 
the creation and responsibility of CyberCom 
the role of military cyber organizations defending the Global information Grid 
the Joint Chiefs of Staff rules for computer network defense 
Pentagon strategy for cyber counterintelligence 
DoD policy, responsibilities and procedures for conducting and handling human intelligence operations in cyberspace.

1 comment:

Unknown said...

Today in information is in zone of risk. I use Ideals virtual data room for my documents and I think we should pay a lot of attention to our information security.