Cybersecurity

The Department of the Navy senior information assurance officer (SIAO) and the DON deputy SIAO for Computer Network Defense reside within the office of the DON CIO. Cybersecurity is the "prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation" (NSPD 54/HSPD 23 and the DoD CIIA Strategic Plan).



Policy

DON Cyberspace IT and Cybersecurity Workforce Management and Qualification Manual

SECNAV M-5239.2 - June 30, 2016

The manual updates Department of Navy workforce policy and responsibilities to support the DON's transition from the Information Assurance Workforce Program to the new DoD Cyberspace Workforce structure.

DON Communications Security Material Program Implementation Policy

SECNAV INSTRUCTION 2201.1 - May 23, 2016

This instruction establishes DON COMSEC Material System Program implementation policy, delegates implementation roles, and clarifies implementation responsibilities DON wide. The guidance facilitates consistent program implementation by designated DON Secretariat, Navy, Marine Corps, Coast Guard, and Military Sealift Command officials and authorizes publication of detailed implementation procedures by appropriate ...

Federal Acquisition Regulation; Basic Safeguarding of Contractor Information Systems

Federal Register: Vol. 81, No. 94 - May 16, 2016

DoD, GSA, and NASA are issuing a final rule amending the Federal Acquisition Regulation to add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. The clause does not relieve the contractor of any other specific safeguarding requirement specified by Federal agencies and departments as it relates to covered contractor ...

DON Cybersecurity Policy

SECNAV INSTRUCTION 5239.3C - May 2, 2016

This instruction establishes Department of the Navy policy for cybersecurity (CS) consistent with national and Department of Defense CS policy directives and instructions.

Acceptable Use of DON Information Technology

DON CIO Memo - February 12, 2016

This memorandum updates the Department of the Navy (DON) Acceptable Use Policy and cancels references (a) through (c). Enclosure (2) specifies acceptable use of DON IT. The DON uses tools to monitor user activity and to implement varying levels of capacity/filtering restrictions. Communications using, or information stored on, DON IT are not private and are subject to routine monitoring, interception, and search; and may ...

DON Information Type Baselines for Risk Management Framework Categorization of Information Technology

DON CIO Memo - February 10, 2016

In order to promote consistency in DON Risk Management Framework (RMF) implementation, the DON Chief Information Officer (CIO) collaborated with Navy and Marine Corps cybersecurity stakeholders to develop DON Information Type Baselines. The DON baseline includes the information types and impact levels from reference (c) and adds DON-unique impact levels for certain information types. The DON Information Type Baselines ...

Department of the Navy Critical Infrastructure Protection Program

UNSECNAV Memo - February 1, 2016

This memorandum designates the Office of the Deputy Under Secretary of the Navy for Policy (DUSN(P)) as the DON office of primary responsibility for Critical Infrastructure Protection (CIP). While no longer the Secretariat lead for CIP, DON CIO will continue to provide cybersecurity support and advice to DUSN(P).

DON CIO Cybersecurity Strategy Guidance

DON CIO Guidance - November 16, 2015

The Department of the Navy Chief Information Officer has updated and renamed the Acquisition Information Assurance Strategy (AIAS) Guidance to the DON CIO Cybersecurity Strategy (CSS) Template and Instructions. The document includes information from the Draft DoD Cybersecurity Strategy outline, provides a template format, and contains DON CIO guidance on developing and submitting the CSS to support system acquisition.

Navy Cybersecurity Communications Campaign

NAVADMIN 239/15 - October 13, 2015

This NAVADMIN describes how, starting October 2015, the Navy has launched a year-long communications campaign to create a culture where cybersecurity discipline is a high priority and a daily habit, protecting the Navy from the persistent cyber threat it faces.

Coding of DON Positions Performing Cybersecurity Functions

DON CIO Memo - April 8, 2015

This memo details how the DON Chief Information Officer, DON Office of Civilian Human Resources, and Navy and Marine Corps civilian cybersecurity management personnel developed the responsibilities, requirements, and procedures necessary for FY 2015 implementation of OPM's direction to code positions that perform cybersecurity work with Cybersecurity Data Element Codes.

The Department of Defense Cyber Strategy

DoD Strategy Document - April 1, 2015

The purpose of this Cyber Strategy, the Department's second, is to guide the development of DoD's cyber forces and strengthen the cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three cyber missions: to defend DoD networks, systems, and information; defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence; and ...

DON Data At Rest Solution For Encryption Of Controlled Unclassified Information

DON CIO Memo - June 23, 2014

The purpose of this memo is to announce the availability of Microsoft BitLocker as a Department of the Navy approved enterprise data at rest solution for the encryption of controlled unclassified information on Microsoft-based systems.

Guidance Regarding Cyberspace Roles, Responsibilities, Functions, and Governance Within the DoD

DoD Memo - June 9, 2014

The purpose of this memo is to clarify the roles, responsibilities, and relationships for cyberspace matters in the Department; to streamline seemingly overlapping duties concerning information technology networks and cyber; and, to provide guidance on establishing a single governance structure for cyberspace going forward.

DON Implementation Of The Risk Management Framework For DoD IT

DON CIO Memo - May 20, 2014

The purpose of this memo is to implement the Risk Management Framework for Department of Defense Information Technology, within the Department of the Navy.

DON Adoption of the DoD Mobile Classified Capability

DON CIO Memo - March 19, 2014

This memo details how the Department of the Navy will transition to DoD Mobile Classified Capability (DMCC) once Defense Information Systems Agency has fielded DMCC phones, and DMCC access to NMCI Secret Internet Protocol Router Network Outlook Web Access email has been enabled.

DON Policy For Approving Electronic Fingerprint Software And Hardware For Use On DON Networks

DON CIO Memo - December 3, 2013

This memo outlines an efficient path to compliance with Department of Defense information systems Certification and Accreditation requirements when connecting end-user electronic fingerprint (eFP) hardware and installing end-user eFP software on DON networks.

Moratorium on Microsoft Windows XP and All Prior Versions of Microsoft Operating Systems

DTG 312035Z MAY 13 - May 13, 2013

This NAVADMIN provides guidance on the use of Microsoft Windows XP and all prior versions of Microsoft operating systems. Effective April 30, 2014, Microsoft will no longer provide vendor lifecycle support (automatic fixes, updates, or online technical assistance) for Windows XP.

DON Certification and Accreditation Pilot

DON CIO Memo - March 20, 2013

This memo outlines the certification and accreditation pilot of information technology systems within the Department of the Navy.

Critical Infrastructure Security and Resilience

Presidential Policy Directive 21 - February 12, 2013

This directive establishes national policy on critical infrastructure security and resilience; refines and clarifies the critical infrastructure-related function, roles, and responsibilities across the Federal government; and enhances overall coordination and collaboration.

Improving Critical Infrastructure Cybersecurity

Executive Order 13636 - February 12, 2013

This executive order establishes the United States' policy to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. Such goals are achieved through a partnership with the owners and operators of critical ...

Cyberspace/IT Workforce Continuous Learning

SECNAVINST 1543.2 - November 30, 2012

The purpose of this instruction is to establish policy and procedures for Department of the Navy cyberspace/information technology (IT) workforce (WF) professional development through a continuous learning program (CLP). The CLP requires 40 hours per year of education, training, certification and other activities that support the sustainment and continued improvement of the capabilities of the DON Cyberspace/IT WF.

Processing of Electronic Storage Media for Disposal

DTG 281759Z AUG 12 - August 28, 2012

The purpose of this coordinated Department of the Navy Chief Information Officer, DON Deputy CIO (Navy), DON Deputy CIO (Marine Corps), and DON Information Security Program Authority message is to update policy for the disposal and mandatory physical destruction of electronic storage media.

PKI Interoperability with FVEY Partner Nations on the NIPRNet

DoD CIO Memo - May 8, 2012

The Department of Defense requires its "Five Eyes" (FVEY) partner nations (Australia, New Zealand, Canada, and the United Kingdom) to use Public Key Infrastructure (PKI) for secure communication with DoD personnel on the Nonsecure Internet Protocol Router Network (NIPRNet), and authentication to DoD NIPRNet websites. In February 2006, the FVEY partner nations signed an Annex to the Combined Joint Multilateral Master ...

DON Performance Plan for Reduction of Resources Required for Data Servers and Centers in Support of NDAA FY12

DON Performance Plan - March 20, 2012

This plan details the Department of the Navy's continued efforts to reduce the Navy's overall data center footprint, deliver cost and environmental efficiencies and increase the overall information technology security posture while ensuring Navy and Marine Corps warfighting capability remains strong. This effort aligns directly with the Office of Management and Budget Federal Data Center Consolidation Initiative and the ...

DON Public Affairs Policy and Regulations

SECNAVINST 5720.44C Change 1 - February 21, 2012

The purpose of this instruction is to provide basic policy and regulations for carrying out the public affairs and internal relations programs of the Department of the Navy.

DON Cyber Range Policy Guidance

DON CIO Memo - February 1, 2012

This memo formally establishes Department of the Navy Cyber Range guidance. The Cyber Range provides an operationally realistic environment to support exercises, training, testing and evaluation with no risk to operational networks.

Defense Information System Network and Connected Systems

CJCSI 6211.02D - January 24, 2012

This instruction establishes policy, responsibilities and connection approval process for sub networks of the Defense Information System Network (DISN).

DON Critical Infrastructure Protection Program

SECNAVINST 3501.1C - December 13, 2011

In February 2016, the Under Secretary of the Navy designated the Office of the Deputy Under Secretary of the Navy for Policy (DUSN(P)) as the DON office of primary responsibility for Critical Infrastructure Protection (CIP). While no longer the Secretariat lead for CIP, DON CIO will continue to provide cybersecurity support and advice to DUSN(P). This instruction provides policy and delineates specific ...

Program Protection Plan Outline and Guidance

DoD Guidance - July 18, 2011

This document provides an outline, content and formatting guidance for the Program Protection Plan (PPP) required by DoDI 5000.02 and DoDI 5200.39. The outline structure and tables are considered minimum content that may be tailored to meet individual program needs. The guidance is based on the July 18, 2011, memo, "Document Streamlining -- Program Protection Plan," which can be found on the first page of the ...

DON Secure Hash Algorithm Migration

DON CIO Memo - June 15, 2011

This memo provides the Department of the Navy with execution guidance in response to Department of Defense (and Federal Government) direction to migrate to the use of a stronger cryptographic hash algorithm for network security (authentication activities including CAC logon and digital signatures).

Organizational Realignments and Designation as the DON DCIO (Navy) and the DON DCIO (Marine Corps)

UNSECNAV Memo - May 11, 2011

The purpose of this memo is to establish a common enterprise approach between the functions of the DON CIO and the Navy and Marine Corps. This renewed approach is designed to strengthen the integration and success of the Department's IM, IT (to include national security systems) and cyberspace (excluding intel, attack and exploit), and information resource management operations, procurement and business processes.

DON Public Key Enablement Waiver Request Process for Unclassified Networks, Private Web Servers, Portals and Web Applications

DTG 211312Z APR 11 - April 21, 2011

This Naval message updates guidance for requesting public key enablement waivers through the Department of Defense Information Technology Portfolio Repository-DON. While the requirement for a waiver for a system that is not public key enabled has not changed, the process was incorporated into the DON Enterprise Architecture compliance assessment.

DON Information Technology/Cyberspace Efficiency Initiatives and Realignment

UNSECNAV Memo - December 3, 2010

This memo addresses information technology/cyberspace efficiency initiatives and realignment in the Department of the Navy. It underscores the challenge by the Secretary of Defense to think about the DON's approach to IT initiatives and to centralize and consolidate efforts where it makes sense. This memo directs the DON Chief Information Officer to take the lead for the Department for this endeavor, noting that it is a ...

DoD Acceptance and Use of Personal Identity Verification-Interoperable (PIV-I) Credentials

DoD CIO Memo - October 5, 2010

This Department of Defense Deputy Chief Information Officer memorandum establishes the DoD's position on acceptance and use of qualified Personal Identity Verification Interoperable (PIV-I) credentials for access to DoD logical and physical resources. Where appropriate, DoD relying parties (e.g., DoD installation commanders or information systems owners) should accept electronically validated PIV-I credentials for ...

DON Electronic Signature Policy

SECNAVINST 5239.21 - August 27, 2010

This policy establishes electronic signature policy for the Department of the Navy consistent with Federal and Department of Defense legislation and policies. This policy is not a mandate to replace handwritten signatures with electronic signatures but rather is a policy to adopt electronic signatures as the preferred means of conducting business transactions within the DON.

Safeguarding Classified National Security Information

DTG 192014Z AUG 10 - August 19, 2010

The purpose of this Naval message is to reinforce how personnel store and distribute national security information (NSI), as well as to remind personnel of their responsibility to safeguard NSI commensurate with level of classification until the information is declassified by the appropriate original classification authority.

Information Assurance Policy Update for Platform Information Technology

DON CIO Memo 02-10 - April 26, 2010

The purpose of this memo is to update the Department of the Navy Information Assurance (IA) Platform Information Technology (PIT) policy. DON Platform IT is a concept for risk management and approval of DON IT systems that do not interconnect with Department of Defense networks and the Global Information Grid. The DON PIT policy stresses that IA requirements still apply to PIT systems and provides guidance to PIT policy ...

Safeguarding Personally Identifiable Information

UNSECNAV Memo - February 12, 2010

This memo conveys the seriousness the Under Secretary of the Navy places on personal privacy and the safe management of Department of the Navy personally identifiable information (PII) and his intention to make eradicating further PII breaches a Departmental priority. This includes implementing a DON-wide plan to reduce the collection and use of Social Security numbers.

Single Authoritative Source for DON Task Critical Assets

DTG 201807Z JAN 10 - January 20, 2010

This Naval message declares that Strategic Missions Assurance Data Systems (SMADS) is the single authoritative source of Task Critical Assets (TCAs) for Department of the Navy reporting. It also lists the deadlines for entering TCAs into SMADS, which will better facilitate rapid and consistent DON-level reporting.

Designation of DON Senior Information Assurance Officer

DON CIO Memo - January 15, 2010

The Department of the Navy Chief Information Officer has released a memorandum designating the DON Principal Deputy CIO as the DON Senior Information Assurance Officer (SIAO). The DON SIAO responsibilities include facilitating alignment and consistent application of information management, information technology, and information assurance policies, processes, responsibilities, and procedures across the Department. ...

Public Key Enablement of DON Unclassified Private Web Servers and Applications

DTG 291445Z DEC 09 - December 29, 2009

This Naval message details the steps that must be taken by the Department of the Navy Deputy Chief Information Officers to ensure proper public key enablement of unclassified private web servers and applications. It also requires submission of a service-specific plan of actions and milestones by Jan. 31, 2010.

Modification to Personal Electronic Device Smart Card Reader Compliance Mandate

DTG 231919Z NOV 09 - November 23, 2009

This Naval message modifies the Dec. 31, 2009, compliance requirement established for purchase and installation of personal electronic device smart card readers as a result of shortages and unavailability of the required hardware at the manufacturer level.

Guidelines for Secure Use of Social Media by Federal Departments and Agencies, v1.0

Federal CIO Council Guidance - September 23, 2009

The use of social media for federal services and interactions is growing tremendously, supported by initiatives from the administration, directives from government leaders, and demands from the public. This situation presents both opportunity and risk. Guidelines and recommendations for using social media technologies in a manner that minimizes the risk are analyzed and presented in this document. This document is ...

DITPR and DoD SIPRNET IT Registry Guidance

DoD Memo - August 10, 2009

This memo rescinds and replaces the Sept. 6, 2007, Department of Defense Information Technology Portfolio Repository (DITPR) and DoD SIPRNET IT Registry Guidance 2007-2008 memo. This memo directs that all IT and National Security Systems must be registered in DITPR.

Security of Unclassified DoD Information on Non-DoD Information Systems

ASD(NII) Directive-Type Memorandum 08-027 - July 31, 2009

This Assistant Secretary of Defense (Networks and Information Integration) Directive-Type Memorandum establishes policy for managing the security of unclassified Department of Defense information on non-DoD information systems. A list of frequently asked questions provides information and direction for implementation in the Department of the Navy.

DoD Information System Certification and Accreditation Reciprocity

DoD Memo - July 23, 2009

This memo provides a systematic, repeatable process for ensuring timely reciprocity of Department of Defense information systems and will advance information sharing, and reduce rework and cycle time when establishing Combined/Joint ISs/Networks.

DON Information Assurance Policy

SECNAVINST 5239.3B - June 17, 2009

This instruction establishes information assurance (IA) policy for the Department of the Navy consistent with national and Department of Defense (DoD) policies. It also designates the DON Chief Information Officer as the DON official assigned responsibility and delegated authority in order to ensure Federal, DoD and DON IA requirements are carried out within the Department of the Navy.

DON Privacy Impact Assessment Guidance

DTG 181430Z MAY 09 - May 18, 2009

This Naval message implements the Department of Defense Privacy Impact Assessment (PIA) guidance of Feb. 12, 2009, for the Department of the Navy. The following is highlighted: The guidance expands PIA coverage from just members of the public to include Federal personnel, Federal contractors, and Foreign Nationals employed at U.S. military facilities abroad. PIAs are required for legacy systems and electronic ...

DON Information Assurance and Certification & Accreditation Concept of Operations

DON CIO Memo - May 13, 2009

This memo provides guidance for the interactions among the Service Certifying Authorities (CAs), Service Designated Accrediting Authorities (DAAs), and the DON Senior Information Assurance Officer (SIAO). These interactions are based on the business rules stated in the Dec. 18, 2008, memorandum, Senior Information Assurance Officer Alignment and Responsibilities for Information Assurance and Certification and Accredi

Computer Network Defense Roadmap 2009

DON Guidance - April 28, 2009

The purpose of the Department of the Navy Computer Network Defense (CND) Roadmap is to communicate the DON strategy for sustaining and improving CND now and in the future as the DON transitions to the Naval Networking Environment (NNE). In this age of network-centric warfare, computer and network technologies are diffused into virtually all military systems, and interconnected military units operate cohesively. CND is ...

DoD NIPRNET DMZ HTTP Whitelist Testing

DTG 241757Z APR 09 - April 24, 2009

This Naval message is about the NIPRNet Hardening Initiative. The first increment of this initiative involves the registering, testing, and restricting access to and from the Internet of all public-facing File Transfer Protocol (FTP), web, e-mail and Domain Name System (DNS) servers. The first step in this first increment was successfully completed. The DON CIO congratulates all involved for a job well done. This message ...

Information Management/Information Technology Policy for Fielding of Commercial Off the Shelf Software

SECNAVINST 5230.15 - April 10, 2009

SECNAVINST 5230.15 mandates that all COTS software in use across the Department of the Navy be vendor supported. DON organizations desiring to continue to use COTS software that is no longer supported must request and receive a waiver to this policy.

DON Information Assurance Workforce Management Oversight & Compliance Council Charter

DON Charter - March 16, 2009

This charter establishes the DON Information Assurance Workforce Management Oversight and Compliance Council (IAWF MOCC). The IAWF MOCC will provide DON-wide oversight of, and ensure compliance with, the IAWF improvement program. The IAWF MOCC will oversee development of IAWF education, training and certification standards.

Cyberspace Policy and Administration Within the DON

SECNAVINST 3052.2 - March 6, 2009

This instruction establishes policies and responsibilities for the administration of cyberspace within the Department of the Navy.

DoD Privacy Impact Assessment Guidance

DoD Instruction 5400.16 - February 12, 2009

This instruction establishes policy and assigns responsibilities for completion and approval of privacy impact assessments to analyze and ensure personally identifiable information in electronic form is collected, stored, protected, used, shared and managed in a manner that protects privacy.

DON Enterprise Data At Rest Solution For All Non-NMCI Assets

DTG 312021Z JAN 09 - January 31, 2009

This Naval message announces the availability of the Department of Navy Data At Rest Enterprise Solution for Non-NMCI assets and ends the moratorium on DAR software purchases. Implementation of this solution enables compliance with Department of Defense, Joint Task Force-Global Network Operations and DON policy mandates for encryption of sensitive information on mobile computing devices and portable storage media.

Amplification Guidance for Purchase and Installation of Personal Electronic Device Smart Card Readers

DTG 281919Z JAN 09 - January 28, 2009

This Naval message provides amplification guidance for the purchase and installation of Common Access Card readers on all Personal Electronic Devices including BlackBerrys. It also identifies the procurement options for the required hardware.

DON Personally Identifiable Information Training Requirement

DTG 181905Z DEC 08 - December 18, 2008

This Naval message emphasizes that personally identifiable information (PII) annual awareness training is foundational to the safeguarding of PII and key to understanding the Department's breach reporting responsibilities. It explains how DON leadership must continually reinforce PII awareness, through training, so that personnel properly safeguard privacy sensitive information in order to improve business processes.

Senior Information Assurance Officer Alignment and Responsibilities for Information Assurance and Certification and Accreditation Processes

DON CIO Memo - December 18, 2008

This memo aligns Senior Information Assurance Officer responsibilities for the Department of the Navy with requirements in the DoD Information Assurance Certification and Accreditation Process (DIACAP) Instruction 8510.01.

DON Policy Updates for Use of NIPRNET Public Key Infrastructure Software Certificates

DTG 031859Z DEC 08 - December 3, 2008

This Naval message details policy changes that have been made as a result of an impact assessment and data call conducted by the DON CIO to understand where software certificates are used in the Department's unclassified environments.

Protecting Personally Identifiable Information on DON Shared Drives and Application Based Portals

DTG 201839Z NOV 08 - November 20, 2008

This Naval message reinforces current Department of the Navy policy aimed at reducing the number and potential impact of lost, stolen or compromised personally identifiable information (PII) to Sailors, Marines, government personnel, dependents and DON contractors.

Web 2.0: Utilizing New Web Tools

DON CIO Memo - October 20, 2008

The purpose of this memo is to provide initial guidance for all Navy and Marine Corps commands regarding the use of emerging web tools to facilitate collaboration and information sharing in the Department of the Navy. These tools, described in enclosure (I) include wikis, blogs, mash ups, web feeds (such as, Really Simple Syndication and Rich Site Summary (RSS) feeds), and forums, which are often referred to as components ...

DON Policy Updates for Personal Electronic Devices Security and Application of Email Signature and Encryption

DTG 032009Z OCT 08 - October 3, 2008

This Naval message provides updates to the DON policy for digital signature and encryption of email. It also provides updated budget guidance for procurement and use of Smart Card Reader technology to support digital signature and encryption of email from Personal Electronic Devices.

NMCI Information Bulletin, Data at Rest Encryption Solution Implementation

DTG 212100Z AUG 08 - August 22, 2008

This Naval message contains information and outlines actions for NMCI users to prepare for the rollout of GuardianEdge, which will be implemented on all NMCI NIPR computers and removable storage devices (thumb drives, data CD, etc.) used on NMCI.

Approval of External Public Key Infrastructures

DoD CIO Memo - July 22, 2008

This Department of Defense memo approves the use of Public Key Infrastructure certificates issued by non-DoD external organizations after successful completion of interoperability testing.

Department of the Navy DoD Information Assurance Certification and Accreditation Process Handbook

DON Handbook - July 16, 2008

The Department of the Navy DoD Information Assurance Certification and Accreditation Process (DIACAP) Handbook details the baseline DON approach to the DIACAP and the procedures necessary to obtain an accreditation decision for DON information systems undergoing the C&A actions as required under Federal law, and DoD and DON regulations and directives. In addition to this handbook, service unique guidance will be ...

DON Naval Networking Environment (NNE)~2016 Strategic Definition, Scope and Strategy

DON Strategy Document - May 13, 2008

A multidisciplinary team from across the Department of the Navy developed this document, which outlines our future vision for a robust and highly interconnected enterprise networking capability in the 2016 timeframe to fully support the needs of our warfighting and warfighting-support organizations and personnel. The vision and strategy outlined in this document shall be used as a guide for ensuring alignment of our ...

Public Key Infrastructure Software Certificate Minimization Effort for DON Unclassified Environments

DTG 122213Z MAY 08 - May 12, 2008

This Naval message announces increased attention being focused across the Department of the Navy to minimize the use of PKI software certificates.

Designation and Sharing of Controlled Unclassified Information

White House Memo - May 7, 2008

This memo adopts, defines and institutes "Controlled Unclassified Information" (CUI) as the single, categorical designation henceforth throughout the executive branch for all information within the scope of that definition.

DON Computer Network Incident Response and Reporting Requirements

SECNAVINST 5239.19 - March 18, 2008

This instruction establishes Department of the Navy incident response policy to align and integrate DON computer incident response and reporting requirements with Department of Defense policy guidance.

Information Systems Restoration and Data Recovery Related to Catastrophic Events

DTG 142031Z MAR 08 - March 14, 2008

This Naval message reiterates policy, direction and guidance regarding Continuity of Operations (COOP) planning as it relates to information technology systems. Additionally, this message directs that COOP plans will address connectivity to data and services that reside on Department of the Navy networks and communications considerations; establish IT-related processes and procedures to identify IT damage and ...

DON Contingency Plans and Testing Guidance

DTG 291600Z FEB 08 - February 29, 2008

This Naval message provides Department of the Navy requirements for resolving deficiencies in contingency planning identified by a Department of Defense Inspector General audit and ensuring DON policy aligns with information assurance requirements.

Loss of Personally Identifiable Information Reporting Process

DTG 291652Z FEB 08 - February 29, 2008

This Naval message announces the updated reporting process to be used when there is a known or suspected loss of Department of the Navy personally identifiable information. It includes new and existing requirements for incident reporting recently issued by the Office of Management and Budget and the Department of Defense. View sample breach notification letter.

DON Guidance on Wireless Local Area Network Implementation of the 802.11I Standard

DTG 241518Z JAN 08 - January 24, 2008

This Naval message provides guidance governing the implementation of wireless local area network (WLAN) solutions using the IEEE 802.11 body of standards, commonly referred to as WiFi. The primary focus of this effort is unclassified wireless networking solutions.

DON Web Presence Policy: The Registration, Compliance of, and Investment in, All Unclassified Web Sites and Uniform Resource Locators

Joint DON CIO and CHINFO Memo - October 17, 2007

This policy provides Department of the Navy guidance for governing the registration, content, compliance, and investment of all unclassified DON web sites and their associated Uniform Resource Locators. The policy applies to all DON commands and activities with unclassified web sites (publicly accessible or access restricted) designed, developed, procured or managed by DON activities and/or hosted and managed by their ...

DON Encryption of Sensitive Unclassified Data at Rest Guidance

DTG 091256Z OCT 07 - October 9, 2007

This Naval message provides guidance regarding the move to choose an enterprise solution to encrypt sensitive Data at Rest (DAR) and states that commands should hold off on purchasing DAR products and services until an enterprise solution is identified.

DON Personally Identifiable Information Annual Training Policy

ALNAV 070/07: R 042232Z OCT 07 - October 4, 2007

This ALNAV message stresses the seriousness of safeguarding personally identifiable information (PII) across the Department by establishing an annual PII awareness training requirement, as well as completing semi-annual command level PII compliance spot checks. View PII Spot Check Form.

Roles and Responsibilities of the DON Deputy Senior Information Assurance Officer for Computer Network Defense

DON CIO Memo - September 27, 2007

This memo establishes the roles and responsibilities of the Department of the Navy Deputy Senior Information Assurance Officer for Computer Network Defense (DON Deputy SIAO for CND). The DON Chief Information Officer Information Assurance and Network Security Team Lead has been named the DON Deputy SIAO for CND and will report to the DON SIAO.

DON Security Guidance for Personal Electronic Devices

DTG 202041Z AUG 07 - August 20, 2007

This Naval message provides guidance for the use of personal electronic devices (PEDs). Commands are encouraged to immediately begin transition to PEDs that support digital signature and encryption. Effective March 31, 2008, use of PEDs that are not natively compliant or have not upgraded to meet the requirements will no longer be permitted.

Safeguarding Personally Identifiable Information from Unauthorized Disclosure

DTG 232026Z JUL 07 - July 23, 2007

This Naval message defines personally identifiable information (PII) and emphasizes the importance of its proper handling following more than 100 incidents of PII loss during the past 18 months.

Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media

DoD Memo - July 3, 2007

This memo establishes additional DoD policy for the protection of sensitive unclassified information on mobile computing devices and removable storage media. It applies to all DoD Components and their supporting commercial contractors that process DoD information.

Safeguarding Personally Identifiable Information

DTG 171952Z APR 07 - April 17, 2007

This Naval message establishes interim policy for the handling of personally identifiable information when stored on government furnished laptop computers, other mobile computing devices and removable storage media (e.g., removable hard drives, thumb drives, blackberries, personal digital assistants, compact discs and DVDs).

Common Access Card Eligibility for Foreign National Personnel

DoD Memo - March 9, 2007

This memo authorizes the issuance of CACs to foreign national partners who have been properly vetted and who require access to a DoD facility or network logon access to meet a DoD mission. This would apply to DoD sponsored foreign national military, government, and contractor personnel.

Compliance and Review of Logical Access Control in DoD Processes

DoD Memo - January 24, 2007

This Department of Defense policy memo requires the review of NIPRNET web sites to ensure proper configuration of mandatory/discretionary access controls on private web servers, web-based applications and web portals. It underscores the need for implementation of access controls for rules-based authorization decisions, in addition to use of Public Key Infrastructure for user authentication.

Policy for Digital Signature Functionality and Acceptance

USD P&R Policy Memo - December 12, 2006

This memo establishes Department of Defense policy for the adoption and use of digital signature as a standard business practice for all Human Resources Management (HRM) and Compensation business processes that require a signature.

Protection of Sensitive Agency Information

OMB Memo 06-16 - June 23, 2006

This memo provides a checklist from the National Institute of Standards and Technology for the protection of remote information. The intent of implementing the checklist is to compensate for the lack of physical security controls when information is removed from, or accessed from outside, the agency location. This memo includes additional actions for departments and agencies to take to protect sensitive information.

Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency IT Investments

OMB Memo 06-19 - June 23, 2006

This memo provides updated guidance on the reporting of security incidents involving personally identifiable information. It also restates existing requirements and explains new requirements.

DoD and DON Privacy Impact Assessment Guidance

DON CIO Memo - June 16, 2006

This memo and enclosures prescribe the Department of Defense and Department of the Navy Privacy Impact Assessment guidance for IT systems that contain information in identifiable form.

DoD-Wide Digital Signature Interoperability

DoD CIO Memo - May 5, 2006

This memo provides direction to incorporate standard digital signature profiles into all applications, systems or processes that use digital signatures. This implementation will lead industry toward interoperable digital signature implementations.

Protection of Sensitive Department of Defense Data at Rest on Portable Computing Devices

DoD Memo - April 18, 2006

This memo provides suggestions on technical means to protect unclassified sensitive information on portable computing devices used within DoD. The measures are in addition to the normal physical security required for such devices so that, if they fall into the wrong hands for any reason, access to the sensitive DoD information they contain will be more difficult.

DON FISMA Guidance

DON Guidance - March 20, 2006

This guidance document provides a foundation for improving the Department of the Navy's information assurance (IA) posture and outlines courses of action to comply with the requirements of the Federal Information Security Management Act of 2006. The document supports and complements current SECNAV IA Policy (SECNAVINST 5239.3B), bolsters established policies and procedures to ensure FISMA compliance, improves the DON's ...

DoD Implementation Guide for Transitional PIV II SP 800-73 v1

DoD Guide - March 1, 2006

This guide specifies technical details for implementing interagency PIV I and PIV II National Institute of Standards and Technology Special Publication 800-73v1 requirements in the DoD CAC environment. It documents how the DoD common access card and middleware are implemented with PIV.

Federal Information Processing Standard 201-1: Personal Identity Verification of Federal Employees and Contractors

FIPS 201-1 - March 1, 2006

This standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. The goal is to achieve appropriate security assurance for multiple applications by efficiently verifying the claimed identity of individuals seeking physical access to Federally controlled government facilities and electronic access to government information systems.

National Industrial Security Program Operating Manual

DoD 5220.22-M - February 28, 2006

This manual prescribes requirements, restrictions, and other safeguards that are necessary to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information.

DON Privacy Program

SECNAVINST 5211.5E - December 28, 2005

SECNAVINST 5211.5E implements the Privacy Act of 1974 per the Department of Defense Privacy Program Directive and Regulation, ensuring that all DON military members and civilian/contractor employees are made fully aware of their rights and responsibilities with regard to privacy. The program attempts to balance the government’s need to maintain information with the obligation to protect individuals against unwarranted ...

DoD Compliance with Electronic Biometric Transmission Specification

DON CIO Memo - December 15, 2005

This memo forwards a memorandum from the Department of Defense Biometrics Executive Agent that mandates all new acquisitions or upgrades of electronic biometric collection systems used by DoD components conform with the DoD electronic biometric transmission specifications.

DON Information Assurance Manual

SECNAV M-5239.1 - November 1, 2005

This manual implements the policy set forth in SECNAVINST 5239.3B: Department of the Navy Information Assurance Policy and is issued under the authority of SECNAVINST 5430.7N: Assignment of Responsibilities and Authorities in the Office of the Secretary of the Navy. It is intended to serve as a high-level introduction to information assurance and IA principles. It discusses common IA controls and associated requirements ...

Withholding of Information that Personally Identifies DoD Personnel

DoD Memo - September 1, 2005

Organizations outside the Federal Government often approach Department of Defense personnel to obtain updated contact information for their publications, which are then made available to the public. The information sought usually includes names, job titles, organizations, phone numbers and room numbers. The DoD director of Administration and Management issued a policy memo Nov. 9, 2001, that provided greater protection ...

DON Privacy Impact Assessment Format Guidance

DON Guidance - October 27, 2004

This summary provides the Department of the Navy format for system assessors to use when conducting a Privacy Impact Assessment.

DON Public Key Infrastructure Implementation Guidance

DTG 061525Z OCT 04 - October 8, 2004

This Naval message provides amplifying public key infrastructure implementation guidance.

Policy for a Common Identification Standard for Federal Employees and Contractors

HSPD-12 - August 27, 2004

This Homeland Security Presidential Directive establishes a government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees). This standard will result in enhanced security, increased Government efficiency, reduced identity fraud, and protection of personal privacy.

Critical Infrastructure Identification, Prioritization and Protection

HSPD-7 - December 17, 2003

This Homeland Security Presidential Directive establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks.

National Preparedness

HSPD-8 - December 17, 2003

This Homeland Security Presidential Directive establishes policies to strengthen the preparedness of the United States to prevent and respond to threatened or actual domestic terrorist attacks, major disasters, and other emergencies. It requires a national domestic all-hazards preparedness goal, establishing mechanisms for improved delivery of Federal preparedness assistance to state and local governments, and outlining ...

Smart Card Senior Coordinating Group

Department of Defense Charter - April 14, 2000

By direction of Congress, the Secretary of Defense chartered a Smart Card Senior Coordinating Group to develop and implement department-wide interoperability standards for use of smart card technology and a plan to exploit smart card technology as a means for enhancing readiness and improving business processes.

News

DON IT Conference Presentations Available

May 24, 2017

Presentations given during the DON IT conference sessions held in Norfolk, VA, May 16-18, are now available by request. Please submit your request by using the "Contact Us" link located in the DON CIO Information section.

DON IT East Final Conference Program Available

May 9, 2017

The DON IT Conference East 2017 schedule is now available. For those not attending in person, conference sessions will be available via DCS.

The DON's High "Innovation Quotient"

by Robert Foster - April 17, 2017

The need for innovation never diminishes – to harness technology; to do more with less in budget challenged environments; to challenge the status quo. The Department of the Navy continues to cultivate an environment that promotes, fosters, and rewards innovation.

Join Us At DON IT East 2017

April 7, 2017

The conference has been approved for May 16-18, 2017 at the Hilton Norfolk The Main. Pre-registration is now closed. The TAD registration limit has been met and registration is now limited to local attendees in a non-TAD status. Local attendees may register onsite on all three days of the conference. Some conference activities may be limited for these attendees.

Basic Cybersecurity Tips to Keep Your Data Safe

January 12, 2017

When using a laptop at work and/or at home, you should be taking a few basic steps to keep your data safe and your system operational.

Everything You Need To Know About Cyber Awareness Training

November 14, 2016

Cybersecurity and Information System Security Awareness Training is a Fiscal Year requirement for all personnel that access information systems on unclassified or secret networks. This means after Oct. 1st of each year, the training needs to be done again for that year. Each person can satisfy the training requirement by completing one of the following: Cyber Awareness Challenge, Cyber Awareness Challenge Intelligence ...

DON IM/IT Excellence Awards Nominations Due Dec. 5

November 8, 2016

Nominations are now being accepted for the DON Information Management/Information Technology (IM/IT) Excellence Awards. Submissions are due by Dec. 5, 2016. The awards recognize the superior efforts of IM/IT projects, teams, and individuals in helping to transform DON information technology.

Privacy Tips

by DON CIO Privacy Team - November 8, 2016

Privacy Tips are meant to increase awareness about privacy issues that impact the Department of the Navy by highlighting a specific topic. Feedback or suggestions for future topics are welcomed.

PII Breach Articles from CHIPS Magazine

November 3, 2016

The following is a list of CHIPS Magazine articles about personally identifiable information (PII) breaches based on factual reports sent to the DON CIO Privacy Office. Incidents such as these will be reported in each subsequent issue of CHIPS Magazine.

Strengthening the DON’s Cybersecurity Posture

by Robert Foster - October 31, 2016

With increasing frequency, we read about computer networks being hacked — in both the public and private sectors. You may have been affected by one of the latest incidents on your own home network, the attack that brought several popular websites, including Amazon, Twitter and Netflix, to a standstill for hours. Though it did not affect our DON network, it is a compelling reminder that cyber intrusions are increasing in ...

DON Cyberspace (Cyber) IT and Cybersecurity Workforce - Who Are We?

by Chris Kelsall - September 14, 2016

Remember Clinger-Cohen and the original Federal Information Security Management Act (FISMA), when it was called the Information Technology, Information Management, Information Resources Management and Information Assurance (IT/IM/IRM/IA) Workforce? That was 10 years ago. Since then, the world has moved on to cyber and cybersecurity, with a lot of workforce definitions and titles coming and going - and staying....

DON Cyberspace (Cyber) IT and Cybersecurity Workforce Credentialing

by Chris Kelsall - September 14, 2016

With the publication of DoD Directive 8140.01, "Cyberspace Workforce Management" and Secretary of the Navy (SECNAV) Instruction 5239.20A, "Department of the Navy Cyberspace Information Technology and Cybersecurity Workforce (DON Cyber IT/CSWF) Management and Qualification," a new approach to education, training and Cyber IT/CSWF qualification will occur. ...

SECNAV M-5239.2 Significantly Revises DON Cyber/IT Workforce Policy

June 30, 2016

SECNAV Manual 5239.2, "DON Cyberspace IT and Cybersecurity Workforce Management and Qualification," was signed by the Secretary of the Navy on June 27, 2016. The manual updates Department of Navy workforce policy and responsibilities to support the DON's transition from the Information Assurance Workforce Program to the new DoD Cyberspace Workforce structure.

Personal PEDs Allowed in Select DON Spaces

June 20, 2016

Did you know you can use your personal portable electronic devices in select DON spaces? ...

13th Annual C4 Awards Dinner Honors Marine Corps Award Winners

May 6, 2016

Congratulations to the following Marine Corps team and individual award winners. They were recognized at the 13th Annual C4 Awards Dinner on April 21, by the Marine Corps Association and Foundation.

DON CIO Awards Recognize Information Management and Information Technology Excellence

by Navy News Service - April 20, 2016

Department of the Navy Chief Information Officer (DON CIO) Robert Foster recognized more than 10 individuals and teams for transforming the Navy and Marine Corps through information technology during a ceremony at the Washington E. Walter Convention Center April 20.

DON CIO Congratulates 2016 DON IM/IT Award Winners

March 4, 2016

The Department of the Navy Chief Information Officer is pleased to announce the winners of the 2016 DON IM/IT Excellence Awards. The awards recognize teams and individuals for various categories of awards related to information management and information technology. The following were selected as the 2016 winners.

SSN Reduction Related Articles from CHIPS Magazine

by DON Privacy Team - February 26, 2016

The following is a list of CHIPS Magazine articles on the Department of the Navy's (DON's) Social Security Number (SSN) Reduction program and related success stories received by the DON CIO Privacy Office. Additional articles such as these will be reported in each subsequent issue of CHIPS Magazine.

DON CIO Issues Memo Updating the Acceptable Use of DON Information Technology

February 12, 2016

This February 12, 2016 memorandum updates existing policy and specifies the acceptable use of DON IT. This policy is a coordinated effort between the Deputy Under Secretary of the Navy for Policy (DUSN(P)) Security and the DON CIO as part of the DON's cyber/traditional security partnership for the protection of national security information and information systems. View the entire memo

Taking Advantage of Learning and Networking Opportunities

by Rob Foster - February 4, 2016

It is very important to me to spend time meeting with Department of the Navy (DON) stakeholders to maintain active communication and feedback channels. I have made it a point to get out of the Pentagon and visit various Navy and Marine Corps commands to see for myself the excellent IT-related work that’s taking place and hear directly about IT-related challenges and concerns. I have strongly encouraged the DON Chief ...

Strengthening Cybersecurity Awareness

by Rob Foster - October 29, 2015

While October was designated as National Cybersecurity Awareness Month, it is always an opportune time to address what the Department is doing to strengthen our security posture as well as reinforce the importance of practicing the utmost care whenever we use a government computer and access a government network.

Navy Cybersecurity Communications Campaign Begins

October 21, 2015

Did you know that October is National Cybersecurity Awareness Month? Though Cybersecurity Awareness Month is a national initiative under leadership from the U.S. Department of Homeland Security and the National Cybersecurity Alliance, OPNAV N2/N6 is using this month as the kick-off for a year-long campaign to change the culture of the Navy with respect to cybersecurity.

Customize Your Email to Make Signing/Encrypting Messages Easier

by DON CIO Privacy Team - August 3, 2015

The most commonly reported PII breach in the Department of the Navy is also one of the easiest breaches to prevent: failure to encrypt an email message containing personally identifiable information (PII). In August 2014, failure to encrypt email resulted in almost half of all PII breaches reported, impacting a significant number of DON personnel.

Carter Unveils New DoD Cyber Strategy in Silicon Valley

by Cheryl Pellerin, DoD News, Defense Media Activity - April 23, 2015

Defense Secretary Ash Carter today unveiled the Defense Department's second cyber strategy to guide the development of DoD's cyber forces and to strengthen its cyber defenses and its posture on cyber deterrence.

The Time for Digital Spring Cleaning is Now!

by National Cyber Security Alliance - April 10, 2015

The National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB) say now is the perfect time for a "digital spring cleaning." In many households, spring cleaning is an annual ritual marked by clearing out closets, basements and garages, de-cluttering cabinets and getting everything spic and span. While making sure your home is in tip-top shape, don’t forget about getting a fresh start with your online ...

DON CIO Congratulates Award Winners

February 20, 2015

The Department of the Navy Chief Information Officer is pleased to announce the winners of the 2015 DON IT Awards. ...

Secure Your Social Media Presence

October 20, 2014

Attempted intrusions into DoD networks by spear-phishing or a social media based attack occur frequently. While it is legal to access social media sites from your DoD computer, there are precautions that you should take to make both your personal information and our government networks safe from attack. ...

Get Involved in National Cybersecurity Awareness Month

October 9, 2014

National Cybersecurity Awareness Month (NCSAM), celebrated every October, was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

Using Blind Copy Feature Protects PII

September 15, 2014

Personally identifiable information (PII) should only be shared or accessible to those with a need to know. PII includes government email addresses as well as personal email addresses. A best practice when sending emails to a large number of individuals is to use the BCC (blind copy) feature. ...

DoD Instructions Lead to Change in Cybersecurity Term

August 25, 2014

As a result of the implementation of the new Department of Defense Cybersecurity and Risk Management Framework instructions (DoDI 8500.01 and DoDI 8510.01), the term information assurance has been changed to cybersecurity. ...

No Loss of PII Reported in OPM Network Breach

July 11, 2014

Recent media accounts have reported a breach of the Office of Personnel Management (OPM) network. At this time, neither OPM nor the United States Computer Emergency Readiness Team (US-CERT) has identified any loss of personally identifiable information for any users of OPM's internal or external systems. There is no need for additional action from employees and customers related to this incident.

Keep Kids Safe Online This Summer

June 12, 2014

With kids out of school for the summer, it's easy for parents and kids to shift their focus from education to fun. Parents want to make sure their kids are having fun and staying safe at the same time, and this should apply to all activities, from riding bikes, to swimming, to being online. Summer means kids will have more free time, which may mean more time on the computer. June is National Internet Safety Month, a time ...

Building on DON Success; Meeting New Challenges

by Barbara Hoffman - June 9, 2014

It has been a privilege to serve in leadership positions for the Department of the Navy Chief Information Officer, including as Director of both the E-business and Investment Management teams, Principal Deputy for two very talented DON CIOs, and now as the DON CIO (Acting). Our business IT environment has evolved dramatically over this timeframe, in technology advances as well as in operational and fiscal challenges.

Significant Security Risk For Users Of Internet Explorer 6 Through 11 Discovered

May 1, 2014

A significant vulnerability has recently been identified in Microsoft Internet Explorer versions 6 through 11. This vulnerability allows cyber attackers remote access and control of users' systems through websites hosting malicious code. In order to take advantage of this vulnerability, attackers will attempt to lure users to contaminated sites using phishing attacks.

HeartBleed: What Does This Cyber Vulnerability Mean To You?

by Robert C. Hembrook - April 11, 2014

Recent news articles have discussed a newly discovered cybersecurity vulnerability given the nickname "Heartbleed." Heartbleed involves the Secure Sockets Layer (SSL), which enables secure transactions across the World Wide Web (e.g., https sites). Without SSL, everything you send over the Internet is sent in clear text, and can be read by anyone on your network. SSL helps encrypt data so that only the sender and ...

Don't Get Hooked By Spear Phishing

May 20, 2013

"Phishing" is a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization via email. "Spear phishing," however, takes this email threat to a new level.

Online Career Catalog To Provide Training Info

April 9, 2013

National Initiative for Cybersecurity Careers and Studies (NICCS) aims to be a single online resource for cybersecurity education and career information. As part of that effort, NICCS houses a Cybersecurity Education and Training Catalog that allows users to find training they need to advance their careers.

DoD ID Number Authorized as Substitute for SSN

December 3, 2012

The Department of the Navy Chief Information Officer Privacy Office reports that 80 percent of all "high-risk" personally identifiable information (PII) breaches involve the Social Security Number (SSN). Recent DON and Department of Defense policy guidance outlines steps that reduce or eliminate the collection, use, display and maintenance of the SSN in DON business practices. As a result, commands are now authorized to ...

Stay Safe Online During the Holidays

November 19, 2012

The upcoming Thanksgiving holiday marks the beginning of the annual holiday shopping season. Every year, more people turn to the Internet as a way to find bargains and conveniently fulfill their shopping list. Before you start your holiday shopping, remember to make sure security measures are in place and you understand the consequences of your actions and behaviors to safely enjoy the benefits of the Internet.

Information Assurance Scholarship Program

August 24, 2012

The Information Assurance Scholarship Program (IASP), authorized by Chapter 112 Title 10 United States Code, is designed to increase the number of qualified personnel entering the information assurance (IA) and information technology fields within the Department. It also serves as a mechanism to strengthen the IA infrastructure through grants, while assisting the Department in addressing emerging IA/IT issues, and as a ...

Master's and Doctorate Level Scholarships Available to DON Personnel

August 24, 2012

Scholarships are being offered for Department of the Navy civilian and military personnel through the Department of Defense Information Assurance Scholarship Program to meet the increasing demand for cyber/information technology professionals with a cybersecurity/information assurance (CS/IA) focus. These scholarships for master's and doctorate level work cover the cost of tuition, fees, and books. They can be used for ...

DoD to Cease Issuance of Software PKI Certificates to FVEY Partner Nations

May 30, 2012

The Department of Defense Chief Information Officer has announced a decision to cease the issuance of software Public Key Infrastructure (PKI) certificates to its "Five Eyes" (FVEY) partner nations (Australia, New Zealand, Canada and the United Kingdom). A memo released on May 8, 2012, states that starting May 31, 2012, the FVEY partner nations that interact with the DoD on the Nonsecure Internet Protocol Router Network ...

NMCI's Ever-Improving Security Profile

May 11, 2012

The Navy Marine Corps Intranet (NMCI) continues to improve its security profile by increasing the use of smartcard credentials for network authentication. The network has established interoperability with Personal Identity Verification (PIV) smartcards issued by non-Department of Defense agencies and departments. ...

Negotiating Contracts for Cloud-Based Software

by Gretchen Kwashnik - January 17, 2012

The federal government's "cloud first" policy, as part of the Federal Chief Information Officer's "25 Point Implementation Plan to Reform Federal Information Technology Management," requires federal agencies to consider cloud computing before making new IT investments and to move at least three applications to the cloud by May 2012.

Safeguarding PII on Shared Drives Continues to be a Challenge

by Steve Muck - January 12, 2012

The following is a recently reported personally identifiable information (PII) data breach involving the posting of a large number of documents containing PII on an activity's shared drive. Incidents such as this will be reported in CHIPS magazine to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy ...

Department of the Navy in Good Company in IT Efficiencies Way Ahead

by Jessica Pelenberg - November 18, 2011

As the quest for cost saving efficiencies rages on, three government officials spoke about the challenges their organizations are facing and their plans to tackle them at the Fifth Annual C5ISR Government and Industry Partnership Conference held Nov. 16, in Charleston, S.C.

Certification & Accreditation Transformation

by Jennifer M. Ellett - October 27, 2011

Certification and accreditation (C&A) transformation is an initiative to align processes, terminology and frameworks for assessing information security risk across all federal agencies, including the defense and intelligence communities. This effort will provide efficiencies, standardization and support to reciprocity.

Supervisor Sends PII Without Encrypting Email

by Steve Muck & Steve Daughety - October 27, 2011

The following is a recently reported personally identifiable information (PII) data breach involving a Department of the Navy support contractor who improperly handled PII. Incidents such as this will be reported in CHIPS magazine to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the DON Chief Information Officer Privacy Office.

Telework Driving Demand for Remote Access

by Mike Hernon - October 27, 2011

The Department of the Navy anticipates that personnel will begin teleworking in significant numbers when a new telework policy is released shortly. As a result, there will be explosive growth in the number of users who need to connect to the Navy Marine Corps Intranet and other government networks from remote locations, primarily from a home office, but also from other locations via cellular or Wi-Fi networks.

Acceptable Use of DON IT Resources Detailed

October 10, 2011

The Department of the Navy Chief Information Officer reiterated standing policy on what is considered acceptable use of DON IT resources for official and authorized unofficial purposes with the release of the Oct. 3 message, "Acceptable Use Policy for DON IT Resources."

Reshaping the DON's Approach to Buying and Managing IT Resources

by Floyd Groce and Karen M. Davis - August 15, 2011

As all personnel within the Department of Defense and across the federal government are well aware, this is an era of increased budget scrutiny. However, with this scrutiny comes a new opportunity to assess and advance how DoD operates and to improve efficiency across a wide variety of business units and operations. As a significant budget item, the massive information technology infrastructure is no exception and offers ...

Message From the DON CIO: Changing the IT Business Model

by Terry Halvorsen - July 27, 2011

The Department of the Navy must change the way it manages its business information technology (IT) systems. It is the reality of these fiscally constrained times; and frankly, it is the right thing to do as good stewards of taxpayer money.

DON Digital Signature and Encryption Policy for Emails Containing PII

by DON CIO Privacy Team - July 18, 2011

The purpose of this tip is to reinforce existing DON policy regarding digitally signing and encrypting emails that contain personally identifiable information (PII).

DON to Migrate to Use of Stronger Cryptographic Algorithms

July 7, 2011

The Department of the Navy Chief Information Officer released guidance directing the Department's migration to the use of a stronger cryptographic hash algorithm in data security authentication procedures such as CAC logon and digital signatures.

Why IT Efficiencies?

by Terry Halvorsen - May 4, 2011

Why is the Department of the Navy aggressively pursuing information technology efficiencies? There are a number of contributing factors that led to the recent focus on efficiencies, but the primary catalyst is the realization by Department of Defense and DON leadership that from a fiscal perspective we cannot continue to do business the same old way, or it will adversely affect our ability to direct necessary resources ...

PKE Waiver Process Is Updated

May 3, 2011

The process for requesting waivers for systems that have not been properly Public Key Enabled (PKE) has been updated. System owners requesting a PKE waiver must now also assert the system's overall compliance with the DON Enterprise Architecture.

2011 DON Fed 100 Award Winners Announced

March 28, 2011

Three information technology leaders from the Department of the Navy were among this year's Federal 100 Award winners. Federal Computer Week magazine presents the award to 100 professionals from government, industry and academia who have played pivotal roles in affecting how the Federal Government acquires, develops and manages IT.

To Err is Human: Human Error is Main Cause of PII Breaches

by Steve Muck - February 7, 2011

Human error is the cause of 80 percent of the DON's PII breaches. Not knowing or not following guidance, or just being careless can result in the unintended disclosure of privacy sensitive information and potentially adversely affect many personnel.

DoD Memo on PIV-I Credentials Released

October 29, 2010

The Department of Defense Deputy Chief Information Officer recently published a memo for Department-wide distribution on DoD acceptance and use of qualified Personal Identity Verification-Interoperable (PIV-I) credentials for access to DoD logical and physical resources.

DON Electronic Signature Policy Released

August 30, 2010

The Department of the Navy Chief Information Officer has signed out SECNAVINST 5239.21: "Department of the Navy Electronic Signature Policy," making electronic signatures the preferred means of conducting business transactions within the Department.

Cybersecurity/IA Workforce Management Strengthened

July 8, 2010

To ensure continuous oversight and sustainment of the Information Assurance Workforce Improvement Program, the Department of the Navy signed out a new instruction that further defines cybersecurity and information assurance workforce management and assigns compliance responsibilities.

Cellular Devices in Classified Spaces

by Mike Hernon, Tony Soules and Bob Turner - May 22, 2010

Not a week goes by without an inquiry to the Department of the Navy Chief Information Officer or the Navy or Marine Corps Designated Approving Authority (DAA) regarding the desire to bring a commercial wireless device, usually a BlackBerry, into restricted areas where classified information is discussed, stored or otherwise processed.

DON Current and Future PKI and PKE Activities

by James Mauck - May 18, 2010

The Secretary of Defense has embraced public key cryptography as a critical component of defense-in-depth and contributor to the overall Department of Defense information assurance (IA) strategy for protecting its information and networks. DoD Instruction 8520.2, "Public Key Infrastructure (PKI) and Public Key Enabling (PKE)" establishes the requirements for PK-enabling all email, private web servers and networks.

Security for Cloud Computing

by Christopher Perry - May 18, 2010

Achieving and maintaining information dominance will require continuous and timely advances in both technology and operational processes. Cloud computing is one such rapidly emerging area of technology and operations that the Department of the Navy is already planning for and beginning to pilot. To achieve information dominance, it is vital that all new technologies and processes, such as cloud computing, be thoroughly ...

Platform IT Policy Updated

May 5, 2010

As a result of lessons learned during the first year of its execution, the Department of the Navy Platform Information Technology (PIT) policy has been updated to include several key provisions.

Your Office Copier/Printer May Present Information Security Risks

by Steve Muck - March 8, 2010

The following is a recently reported compromise of personally identifiable information (PII) involving the disposal of copiers containing personal information stored on their hard drives. Incidents such as this will be reported to increase PII awareness. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.

NMCI Gets Into A Hot Spot

by Mike Hernon - March 4, 2010

For years now, Navy Marine Corps Intranet (NMCI) users have jealously eyed the laptop-wielding, Wi-Fi-connected masses in coffee shops, hotels and airports as they turned idle time into productive time. Barred from full network access, NMCI users on the go had to settle for cellular phones, air cards and Outlook Web Access to provide mobile support. While these capabilities provide some fairly productive mobility tools, ...

Identity Management Operations to Improve Cybersecurity

by Sonya Smith - February 26, 2010

The December 2008 report written by the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency, "Securing Cyberspace for the 44th Presidency," began with one central finding: "The United States must treat cybersecurity as one of the most important security challenges it faces."

Protecting PII on Removable Storage Devices

by DON CIO Privacy Team - February 25, 2010

The Department of the Navy, Department of Defense and Office of Management and Budget (OMB) have mandated the protection of data at rest (DAR) on all unclassified network seats/devices. NMCI is implementing a solution using GuardianEdge Encryption Anywhere and Removable Storage software to meet these requirements. All data in computer storage as well as data written to a removable storage device will be encrypted. This ...

2010 DON Fed 100 Award Winners Announced

February 17, 2010

Ten information technology leaders from the Department of the Navy were among this year's Federal 100 Award winners. Federal Computer Week magazine presents the award to 100 professionals from government, industry and academia for their efforts in effecting change, progress and efficiency in determining how the Federal Government acquires, develops and manages IT.

Compliance Spot Checks Key to Successful Privacy Program

by DON CIO Privacy Team - January 1, 2010

ALNAV 070/07 Department of the Navy Personally Identifiable Information (PII) Training Policy states that, "Commanders/Commanding Officers/Officers in Charge will ensure that supervisors conduct a spot check of their assigned area of responsibility, focusing on those areas that deal with PII on a regular basis (e.g., human resources, personnel support, medical, etc.)." The ALNAV also states that the compliance spot check ...

DON CIO Mourns Loss of Admired Colleague

December 28, 2009

The Department of the Navy Chief Information Officer team is mourning the loss of their esteemed colleague Dr. Richard W. Etter, who served more than 34 years in the Department of the Navy, most recently as the DON CIO Director of Cybersecurity and Critical Infrastructure and the DON Deputy Senior Information Assurance Officer for Computer Network Defense. Dr. Etter died of a heart attack Monday, Dec. 21, 2009, while at ...

Theft of Storage Media Containing PII

by Steve Muck - November 29, 2009

The following is a recently reported compromise of personally identifiable information (PII) involving the theft of storage media containing personal information. Names have been changed or removed, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.

Web 2.0: Federal CIO Council Releases Guidelines for Secure Use of Social Media

by Christy Crimmins - November 17, 2009

The use of social media has become a popular topic within the Department of the Navy, Defense Department and across the federal government. As agencies begin to venture into this media, whether it is creating an agency Facebook page or updating constituents via Twitter, precautions must be taken and risks should be assessed. While these tools open up many avenues for broader communication and collaboration, they also ...

Putting Text to the Test

by Mike Hernon and Bob Turner - November 12, 2009

Delivering a robust enterprise mobility capability to the Department of the Navy workforce requires leveraging various wireless tools at our disposal. One such tool, Short Message Service (SMS), or text messaging, is often overlooked but can provide significant benefits when used appropriately.

PII and Records Management

by DON CIO Privacy Team - November 4, 2009

A successful command privacy program must include an aggressive records review and disposal component. While hard copy files cannot be ignored, the volume of electronic data files is a much larger issue and must be aggressively addressed by local commands/units.

Copier/Printer May Present Information Security Risks

by DON CIO Privacy Team - October 6, 2009

Two recent personally identifiable information (PII) breach incidents involving the turn in of reproductive office equipment highlight the fact that many people do not know that copiers and printers present information security challenges.

The Choice Between Wired and Wireless

by Tom Kidd - August 19, 2009

Whether wireless voice, video or data, the number of wireless applications is increasing. Wireless capabilities can be as simple as a wireless doorbell system or as complex as a naval unmanned aerial system providing real-time intelligence to forward-deployed Marines and Sailors. While the use of wireless systems is certainly advantageous for mobile requirements, wired systems retain a number of inherent benefits for ...

DoD Releases Information Systems Certification and Accreditation Reciprocity Memo

August 3, 2009

The Department of Defense has recently published the DoD Information Systems Certification and Accreditation (C&A) Reciprocity Memo signed by the DoD Principal Accrediting Authorities - senior officials who represent the interests of the Global Information Grid Mission Areas for C&A.

DON Information Assurance Policy Released

June 26, 2009

SECNAVINST 5239.3B: "DON Information Assurance Policy" was recently signed establishing IA policy for the Department of the Navy consistent with national and Department of Defense policies. With its 56 references, it provides IA policy for the Department over a broad spectrum, and assigns responsibilities in the DON for developing, implementing, managing and evaluating DON IA programs, policies, procedures and cont

eSeminar Presents: Navigating the CND Roadmap

June 19, 2009

Dr. Richard W. Etter, deputy senior information assurance officer, discusses how the Computer Network Defense (CND) Roadmap highlights the direction the Department of the Navy is heading in terms of future CND capabilities in this recent Washington Technology eSeminar. He also discusses the Department's goal to be more advanced, persistent and sophisticated with the CND t

Protect Your Personal Information: It's Valuable

by DON CIO Privacy Team - June 1, 2009

Why should you protect your personal information? To an identity thief, it can provide instant access to your financial accounts, your credit record and your other personal assets. If you think that no one would be interested in your personal information, think again.

DON IA and C&A Process CONOPS Signed

May 26, 2009

The Department of the Navy Chief Information Officer recently signed the DON Information Assurance and Certification and Accreditation Concept of Operations (CONOPS).

DON Computer Network Defense Roadmap Released

May 8, 2009

The Department of the Navy Senior Information Assurance Officer (DON SIAO) recently signed the "Department of the Navy Computer Network Defense (CND) Roadmap."

Defending Cell Phones and PDAs Against Attack

by DON CIO Privacy Team - May 1, 2009

As cell phones and personal digital assistants (PDAs) become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.

Un-Encrypted Email With NSPS Information

by Steve Muck - April 22, 2009

The following is a recently reported compromise of personally identifiable information (PII) involving the transmission of an un-encrypted e-mail which contained National Security Personnel System (NSPS) performance ratings of employees within a Navy region. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.

Reducing the Use of SSNs is Key to Securing PII

by DON CIO Privacy Team - March 6, 2009

If the Department of the Navy eliminated the use of Social Security numbers (SSN) from email, forms, documents and electronic information technology systems, 80 percent of the personally identifiable information (PII) breaches reported in 2008 would never have occurred. The March Privacy Tip of the Month explores the relationship between SSNs and identity theft. It also provides approaches to reducing the display, ...

Insider Threat

by Steve Muck - February 20, 2009

The following is a reported loss or breach of personally identifiable information (PII) involving a Department of the Navy information system with lessons learned from the event. Names have been changed or removed, but details are factual and based on reports sent to the DON Privacy Office.

DON Enterprise Data At Rest Solution For All Non-NMCI Assets Is Awarded

February 2, 2009

The Department of the Navy enterprise solution for protection of sensitive Data at Rest (DAR) on non-NMCI assets is now available. Implementation of this solution enables compliance with DoD and DON requirements associated with protection of personally identifiable information (PII) and other types of sensitive DAR on mobile computing devices and portable storage media.

Reduce PII Loss by Proper Disposal/Sanitization of Unclass Equipment

by DON CIO Privacy Team - February 1, 2009

During the past year, the Department of the Navy has experienced problems relating to turning in excess information technology and office equipment that contain personally identifiable information (PII).

FISMA Goals Outlined for FY 2009

January 13, 2009

The Department of the Navy released its Federal Information Security Management Act (FISMA) Goals for FY09 in Naval message DTG 081605Z JAN 09. This Naval message provides requirements for individual systems to achieve and maintain 100 percent compliance with the required certification and accreditation, annual security review, annual testing of security controls, and annual evaluation of contingency plans.

Memo Ensures Risk Management Consistency

January 9, 2009

In light of the increased reliability on information systems and an increased visibility of cyber security and number of attacks on systems, the criticality of consistent and thoughtful risk management has been recognized by senior leaders throughout the government.

Action Steps for Identity Theft Victims

January 1, 2009

During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. The December 2008 Privacy Tip focused on how thieves steal identities, what they do with the personal information they obtain, and general information about identity theft. This Privacy Tip is reproduced from Department of Justice guidance found on its

What You Should Know About Identity Theft

December 1, 2008

During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. This Privacy Tip focuses on how thieves steal identities and what they do with that personal information, as well as general information about identity theft.

Privacy Must be Considered When Using Web 2.0 Tools

November 1, 2008

As outlined in a recently published memo, the Department of the Navy endorses the secure use of Web 2.0 tools to enhance collaboration, streamline processes and foster productivity.

DON DIACAP Transition

by Yuh-Ling Su - October 29, 2008

Process and Security Improvements Under DIACAP: On November 28, 2007, the most significant change in security policy in 10 years occurred when the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) replaced the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). The Department of the Navy commenced full transition to DIACAP on March ...

GSA Awards BPA for Credit Monitoring Services

September 8, 2008

The U.S. General Services Administration awarded Blanket Purchase Agreements (BPAs) to assist Federal agencies in protecting the confidentiality of personal credit and payment information, as well as providing a fast and effective solution for Federal agencies needing commercial-off-the-shelf credit monitoring services, according to its web site.

Safeguarding PII on the Command Shared Drive

September 1, 2008

Recent personally identifiable information (PII) breach reports highlight the need to conduct searches of shared drives throughout the Department to protect employees’ personal information and reduce the risk of identity theft. PII is found most often in documents related to awards, medals, legal issues, medical records and financial data.

Reduce PII in Electronic and Paper Files

by Steve Muck - August 6, 2008

The following is a synopsis of a recently reported loss or breach of personally identifiable information (PII) that highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.

Why Peer-to-Peer File Sharing Is Not a Good Idea

August 1, 2008

Peer-to-Peer (P2P) networks link computers directly, allowing users to swap digital movies, music and files with other users without centralized security controls or oversight.

Handbook Provides Cyber Crime Prevention Tips

July 28, 2008

The recently released Department of the Navy Cyber Crime Handbook provides an overview of the definitions, criminal techniques, electronic laws, incident reporting and responses regarding cyber threats to DON personnel and the Department's global network infrastructure.

DON DIACAP Handbook Is Released

July 21, 2008

The DON DoD Information Assurance Certification and Accreditation Process (DIACAP) Handbook provides a comprehensive guide for executing certification and accreditation (C&A) processes within the Department of the Navy.

Guidance Updated for DAR Compliance Effort on Non-NMCI Networks

July 11, 2008

An enterprise solution to encrypt DON data-at-rest (DAR) for non-Navy Marine Corps Intranet (NMCI) networks is anticipated to be available this fall from the Department of Defense Enterprise Software Initiative/SmartBUY Enterprise Software Agreements.

Don't Get Caught by Phishing

July 1, 2008

Phishing is a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization. Examples of such practices include manipulated emails that appear to be from the Department of the Navy, Navy Federal Credit Union, Navy Knowledge Online or other recognizable contacts.

Secure Those Laptops

June 13, 2008

Whether due to carelessness or theft, the loss of laptops and other portable electronic devices (especially thumb drives) continues to be one of the top contributors to the loss of personally identifiable information (PII).

Information Privacy Professional Certification Available

June 9, 2008

The International Association of Privacy Professionals' (IAPP) mission is to define, promote and improve the privacy profession globally and is the world's largest association of privacy professionals representing more than 5,000 members from business, government and academia across 32 countries. It is the first organization to establish educational and testing credentials for information privacy, i.e., the Certified ...

PII Has No Shelf Life

by Steve Muck - May 14, 2008

The following synopsis of a recently reported loss or breach of personally identifiable information (PII) highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy office.

Use Caution With Wi-Fi

May 13, 2008

From FBI.gov. The scenario: You are at the airport waiting for your flight. With time to kill, you are thinking of connecting your laptop to the airport’s Wi-Fi to check your office e-mail, do some personal banking or shop for a gift for your spouse. However, chances are there is a hacker sitting nearby with a laptop attempting to “eavesdrop” on your computer to obtain personal data that will provide access to ...

Computer Network Incident Response and Reporting Instruction Released

April 1, 2008

An instruction that establishes the Department of the Navy’s Computer Network incident response and reporting policy was recently signed out by the DON Chief Information Officer.

Web Site Postings of PII

by Steve Muck - February 8, 2008

The following is a synopsis of a recently reported loss or breach of personally identifiable information (PII) that highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.

Resources

Privacy Training and Compliance Resources

by DON CIO Privacy Team - May 12, 2017

The following resources are provided to support the Department of the Navy's annual privacy training and semi-annual compliance spot-check requirements. Note: The GENADMIN (DTG 181905Z DEC 08) training requirement supersedes the ALNAV 070/07 training requirement. The compliance spot check requirements of the ALNAV remain in effect.

Take the DON Privacy Quiz!

May 12, 2017

The DON Privacy Quiz highlights basic personally identifiable information (PII) knowledge and policy information that all DON personnel should be familiar with. It is recommended that command/unit privacy officials use this quiz (attached below) as a training aid that can be specifically tailored to local use. Please provide feedback on how to make this a better tool by submitting your comments to the DON CIO Privacy Team via ...

DON IT Conference, East Coast 2017 Dial-In and DCS Session Info

May 8, 2017

Below please find the dial-in conference numbers and DCS URLs for the DON IT Conference sessions being held May 16-18, 2017.

DoD Privacy Impact Assessment Template

March 17, 2017

The new Department of Defense Privacy Impact Assessment Template has been published and is available for use by Army, Navy, Air Force, DISA, OSD/JS, DLA, TMA and DFAS. The link provides access to the Word and fillable PDF versions of DD FORM 2930 on the DoD forms web site.

DON IT Conference, West Coast 2017 Dial-In and DCS Session Info

February 10, 2017

Below please find the dial-in conference numbers and DCS URLs for the DON IT Conference sessions being held Feb. 21-23, 2017.

Featured Articles: Jan - Mar 2017

January 30, 2017

Reporting the Loss, Suspected Loss or Compromise of PII - DON CIO Privacy Team; DON CIO Explains Top Focus Areas - CHIPS Magazine; The Evolution of Infrastructure - Thomas

Privacy Briefs

by DON CIO Privacy Team - December 15, 2016

The following privacy presentations are provided for reference and use in developing future presentations and briefings.

Personally Identifiable Information Posters

November 2, 2015

The Department of the Navy Chief Information Officer has created press-quality posters to help communicate the importance of protecting and properly handling personally identifiable information (PII).

DON Responsibility Assignments for Organizationally Defined Values Within NIST Security Controls

September 23, 2015

When DoD adopted the NIST control catalog (NIST SP 800-53) and published the baselines, the DoD provided values for many of the NIST controls that had organizationally defined values; however, they determined that some values should not be determined at the DoD Enterprise level. This spreadsheet was developed by the DON CIO, in coordination with the DON services, to recommend the roles within the DON that make the value ...

Cloud Security Information Impact Level Matrix

May 21, 2015

The DON Cloud Security Information Impact Level Matrix is intended to assist Mission Owners/Program Managers in determining security information impact levels as they apply to appropriate hosting environments.

2014 PII Brief

by DON CIO Privacy Team - March 24, 2014

The personally identifiable information (PII) brief attached below was presented at the Department of the Navy IT Conference, West Coast 2014 and is provided as a reference and for use in developing other PII presentations.

DON Users Guide to Personally Identifiable Information

by DON CIO Privacy Team - March 4, 2013

The Department of the Navy Users Guide to Personally Identifiable Information (PII) is provided as a convenient desk reference that can be printed as a brochure and distributed to increase awareness throughout the Department.

DON IT Policy Roundup for FY 2013

February 21, 2013

The Department of the Navy Information Technology Policy Roundup for fiscal year (FY) 2013 provides a summary of policies affecting IT projects and programs. For more detail, please review the entire policy at the links provided.

Inventory of DON Systems With Completed Privacy Impact Assessments

February 11, 2013

Section 208 of the E-Government Act of 2002 establishes government-wide requirements for conducting, reviewing and publishing Privacy Impact Assessments (PIA). The PIA directs agencies to conduct reviews of how privacy issues are considered when creating or purchasing new information technology (IT) systems or when initiating new electronic collections of information in identifiable form. A PIA addresses privacy factor

Privacy Frequently Asked Questions

by DON CIO Privacy Team - October 26, 2012

The following is a list of topics with questions that are frequently asked of the Department of the Navy Chief Information Officer Privacy Team. Responses have been provided and, in many cases, there are added references to the guidance that is cited. Please provide the Privacy Team additional questions so they may be added to the list.

Workforce Competency and Career Planning

September 13, 2012

This toolkit assists individuals in developing, tracking, and managing their careers and facilitates competency management for the information management/information technology and knowledge management (KM) professional at the organizational level.

Unique Investment Identifiers for FY2013

March 15, 2012

The table below provides FY2013 Unique Investment Identifiers (UIIs), formerly Unique Project Identifiers (UPIs), for Department of the Navy information technology systems. The UII is required when completing a Privacy Impact Assessment (PIA).

Department of the Navy Personally Identifiable Information Sample Compliance Spot Checklist

January 20, 2012

This checklist is an internal Department of the Navy document to be used by command leadership to assess the level of compliance in the handling of personally identifiable information as delineated by law and/or specific DoD/DON policy guidance. As commands adapt this checklist for their own use, their checklists will be posted here as a resource for others.

Methods for Hard Drive/Disk Destruction

by DON CIO Privacy Team - August 5, 2010

The following guidelines are provided for the proper destruction of Department of the Navy hard drives.

DTM 08-027 Frequently Asked Questions

August 20, 2009

Following the July release of Assistant Secretary of Defense (Networks and Information Integration) Directive-Type Memorandum (DTM) 08-027: "Security of Unclassified DoD Information on Non-DoD Information Systems," many questions have arisen concerning the requirements for this DTM. Below is a list of the most commonly asked questions and their answers.

Privacy Recommended Reading List

by DON CIO Privacy Team - June 23, 2009

Welcome to the Department of the Navy Chief Information Officer Privacy Team recommended reading list. This list will be periodically updated.

2012 Identity Theft Brief

by DON CIO Privacy Team - June 19, 2009

The identity theft brief attached below was presented at the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PII presentations.

2012 Privacy Impact Assessment (PIA) Brief

by DON CIO Privacy Team - June 19, 2009

The Privacy Impact Assessment (PIA) brief attached below was presented during the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PIA presentations.

Privacy Impact Assessment Signature Routing Guidance

by DON CIO Privacy Team - May 29, 2009

The following provides the proper routing for Navy and Marine Corps Privacy Impact Assessments (PIAs). The last two signature blocks on the DoD PIA Template (DD FORM 2930 NOV 2008) are reserved for (1) the DON Privacy Act Program Manager (DNS-36) or USMC Privacy Act/FOIA Officer and (2) the DON CIO.

OMB Information Collection Number

March 2, 2009

An Office of Management and Budget (OMB) Information Collection Number is required when collecting information from 10 or more members of the public in a 12-month period and is used in completing the Privacy Impact Assessment (PIA) Template.

Privacy Impact Assessment Resources

by DON CIO Privacy Team - March 2, 2009

The following resources are provided to assist with the privacy impact assessment submission process.

Privacy Impact Assessment Template "Gouge"

February 20, 2009

This document attempts to address the common issues encountered as a privacy impact assessment makes its way through the review and approval process. Consider this a "living" document and help us improve its content and usefulness.

Privacy Impact Assessment Template Risk Mitigation Question Responses

February 20, 2009

This document provides examples of possible responses to the privacy impact assessment (PIA) template questions that deal with the risks associated with the electronic collection of personally identifiable information and the ways to mitigate those risks.

Platform Information Technology Determination Checklist

February 6, 2009

The Platform Information Technology (PIT) Determination Checklist is provided to assist acquisition program managers in assessing the characteristics of a proposed IT system or component to determine if it is a Platform IT candidate and, therefore, subject to information assurance implementation. Note: Two versions of the PIT checklist are posted below. The "pdf" version is for manual submission; the "doc" version ...

PII Breach Reporting Resources

January 21, 2009

The following breach-related resources are provided to aid in reporting the loss or suspected loss of personally identifiable information (PII).

BUPERS Safeguarding PII Presentation

January 20, 2009

The attached brief provides background information, the resultant responses and best practices developed by the Bureau of Naval Personnel related to the sensitivity to the loss of personally identifiable information of DON personnel. Also attached is a transcript from the presentation.

Privacy Information and Resources

December 19, 2008

In addition to the privacy resources and information available on the DON CIO website, the following list of websites provides further information on privacy and identity theft prevention.

Reporting PII Breach Notifications

August 15, 2008

Commands reporting a loss or suspected loss of personally identifiable information (PII) will be contacted by the Department of the Navy Chief Information Officer Privacy Team to determine if individual notifications are required. The decision to notify will be based on the nature of the PII compromised and the resultant level of risk of identity theft. If the command is faced with notifications and cannot locate the ...

Potential Consequences for Failing to Safeguard PII

July 22, 2008

The DON Table of Potential Consequences and Penalties for the Mishandling/Improper Safeguarding of PII was developed with legal assistance from the Department of the Navy’s Office of Civilian Human Resources and its Workforce Relations and Compensation Division, the Office of the Judge Advocate General, and the Office of the DON CIO.

DON Cyber Crime Handbook

July 10, 2008

The Department of the Navy Cyber Crime Handbook contains an overview of the definitions, criminal techniques, electronic laws, incident reporting and responses regarding the cyber threats to Department personnel and the global infrastructure we rely on.