Chief Information Security Officer - June 29, 2018
The CISO Handbook was created to educate and inform new and existing CISOs about their role in Federal cybersecurity. It provides resources to help CISOs responsibly apply risk management principles to help Federal agencies meet mission objectives, and makes CISOs aware of laws, policies, tools, and initiatives that can assist them as they develop or improve cybersecurity programs for their organizations.
DON CIO Guidance - November 16, 2015
The Department of the Navy Chief Information Officer has updated and renamed the Acquisition Information Assurance Strategy (AIAS) Guidance to the DON CIO Cybersecurity Strategy (CSS) Template and Instructions. The document includes information from the Draft DoD Cybersecurity Strategy outline, provides a template format, and contains DON CIO guidance on developing and submitting the CSS to support system acquisition.
DON CIO Memo - February 1, 2012
This memo formally establishes Department of the Navy Cyber Range guidance. The Cyber Range provides an operationally realistic environment to support exercises, training, testing and evaluation with no risk to operational networks.
DON Guidance - December 5, 2011
The Department of Defense Information Technology Portfolio Repository-Department of the Navy (DITPR-DON) process guidance document provides a comprehensive discussion of core DITPR-DON functionality and basic lifecycle transactions. This information will enable all users to gain the understanding necessary to perform the basic IT asset management functions of registering, transferring and archiving DON IT systems within ...
Under Secretary of Defense Memo - November 5, 2010
This memo cancels the Jan. 28, 2009, memo, "Business Practice Changes to Allow the Removal of Social Security Numbers from DoD Identification (ID) Cards," which established a timeline for truncation and removal of the visible Social Security numbers (SSN) on all ID cards.
The memo addresses concerns raised by DoD stakeholders about potential adverse impacts that may occur if the SSN is truncated or removed as ...
DTG 192014Z AUG 10 - August 19, 2010
The purpose of this Naval message is to reinforce how personnel store and distribute national security information (NSI), as well as to remind personnel of their responsibility to safeguard NSI commensurate with the level of classification until the information is declassified by the appropriate original classification authority.
NAVADMIN 125/10 - April 8, 2010
The Under Secretary of the Navy issued the memo "Safeguarding Personally Identifiable Information" in February 2010 emphasizing the importance he places on personal privacy and the safe management of Department of the Navy's personally identifiable information (PII). His intention was to make eradicating further PII breaches a Departmental priority.
As a result, the Vice Chief of Naval Operations release
MARADMIN 162/10 - March 18, 2010
The Under Secretary of the Navy issued the memo "Safeguarding Personally Identifiable Information" in February 2010 emphasizing the importance he places on personal privacy and the safe management of the Department of the Navy's personally identifiable information (PII). His intention was to make eradicating further PII breaches a Departmental priority.
As a result, MajGen George Allen, DON Deputy CIO (M
SECNAVINST 5239.3B - June 17, 2009
This instruction establishes information assurance (IA) policy for the Department of the Navy consistent with national and Department of Defense (DoD) policies. It also designates the DON Chief Information Officer as the DON official assigned responsibility and delegated authority in order to ensure Federal, DoD and DON IA requirements are carried out within the Department of the Navy.
CNO Memo - September 7, 2006
This memo provides guidance regarding the use of recall rosters for the management of personnel and addresses what personal information may be included.
SECNAV M-5239.1 - November 1, 2005
This manual implements the policy set forth in SECNAVINST 5239.3B: Department of the Navy Information Assurance Policy and is issued under the authority of SECNAVINST 5430.7N: Assignment of Responsibilities and Authorities in the Office of the Secretary of the Navy. It is intended to serve as a high-level introduction to information assurance and IA principles. It discusses common IA controls and associated requirements ...
5 U.S.C. 552a - September 1, 1974
The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some ...
October 20, 2020
The conference will be held Wednesday, November 4 and Thursday, November 5 via Microsoft CVR Teams. The at-a-glance conference schedule is now available.
October 5, 2020
Please join Aaron Weis, DON CIO, VADM Jeff Trussler, DCNO for Information Warfare, and LtGen Lori Reynolds, Deputy Commandant for Information, as they talk about the importance of cybersecurity across our Department of the Navy team for Cybersecurity Awareness Month!
February 28, 2020
The DON IT Conference, West Coast 2020 schedule is now available. The conference will be held March 2-3, 2020, at the San Diego Convention Center in San Diego, CA. No conference fee will be assessed, but registration is required. Pre-registration is now closed, but will be available on-site at the Convention Center.
August 25, 2014
As a result of the implementation of the new Department of Defense Cybersecurity and Risk Management Framework instructions (DoDI 8500.01 and DoDI 8510.01), the term information assurance has been changed to cybersecurity. ...
May 26, 2014
Because NMCI is "the network" for so many users (nearly 800,000), a continuation of what the new NGEN contract that services NMCI means to its customer base is important. Here are four key facts about NGEN you should know. ...
April 25, 2013
This alert provides notice of changes to the Department of Defense (DoD) 8570.01 Manual, "Information Assurance Workforce Improvement Program" baseline certifications. One certification has been added and two have been removed from the list.
November 19, 2012
The upcoming Thanksgiving holiday marks the beginning of the annual holiday shopping season. Every year, more people turn to the Internet as a way to find bargains and conveniently fulfill their shopping list. Before you start your holiday shopping, remember to make sure security measures are in place and you understand the consequences of your actions and behaviors to safely enjoy the benefits of the Internet.
August 24, 2012
The Information Assurance Scholarship Program (IASP), authorized by Chapter 112 Title 10 United States Code, is designed to increase the number of qualified personnel entering the information assurance (IA) and information technology fields within the Department. It also serves as a mechanism to strengthen the IA infrastructure through grants, while assisting the Department in addressing emerging IA/IT issues, and as a ...
by Jennifer M. Ellett - October 27, 2011
Certification and accreditation (C&A) transformation is an initiative to align processes, terminology and frameworks for assessing information security risk across all federal agencies, including the defense and intelligence communities. This effort will provide efficiencies, standardization and support to reciprocity.
by DON CIO Privacy Team - July 18, 2011
The purpose of this tip is to reinforce existing DON policy regarding digitally signing and encrypting emails that contain personally identifiable information (PII).
July 7, 2011
The Department of the Navy Chief Information Officer released guidance directing the Department's migration to the use of a stronger cryptographic hash algorithm in data security authentication procedures such as CAC logon and digital signatures.
by DON Privacy Team - April 12, 2011
Identity theft is a constant and evolving threat for all citizens and can be of particular concern for those on military deployment and their families. It is a serious crime that occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes.
by the DON Privacy Team - March 10, 2011
The following Privacy Tip provides existing policy guidance and best business practices for contract support personnel who handle personally identifiable information. Office of the Secretary of Defense Memo dated June 05, 2009, "Safeguarding Against and Responding to the Breach of Personally Identifiable Information (PII)" and SECNAV INST 5211.5E: "SECNAV Privacy Program" apply.
by the DON CIO Privacy Team - February 15, 2011
This Privacy Tip provides answers to frequently asked questions regarding upcoming changes to the Department of Defense identification cards. The questions and answers below were reproduced from a recent DoD memo. Changes include the removal of both the sponsor and dependent Social Security number (SSN), the addition of a DoD benefits number for DoD beneficiaries, and the removal of the SSN in the card bar codes. The DoD ...
by DON CIO Privacy Team - November 4, 2010
This is part two of Elements of a Good Privacy Program and serves as a best practices guide to help Department of the Navy commands/units implement and sustain privacy awareness and better safeguard personally identifiable information within their control.
October 29, 2010
The Department of Defense Deputy Chief Information Officer recently published a memo for Department-wide distribution on DoD acceptance and use of qualified Personal Identity Verification-Interoperable (PIV-I) credentials for access to DoD logical and physical resources.
August 30, 2010
The Department of the Navy Chief Information Officer has signed out SECNAVINST 5239.21: "Department of the Navy Electronic Signature Policy," making electronic signatures the preferred means of conducting business transactions within the Department.
by DON CIO Privacy Team - July 15, 2010
When a Department of the Navy activity reports a personally identifiable information breach, it must include lessons learned in an after-action report. Lessons learned are an important feedback mechanism and are used to shape future DON privacy policy. The following information is a compilation of the most frequently reported lessons learned.
by DON Privacy Team - August 29, 2018
The DON has a continuing affirmative responsibility to safeguard PII and to prevent its loss, theft or compromise. All DON personnel, including support contractors and business partners, must ensure their actions do not contribute to, or result in, a compromise. Contractor employees who work onsite at a government facility must take the same DON Annual Privacy Training required of DON Civilians and military personnel. ...
March 16, 2017
The following resources are provided to help implement the Department of the Navy's Social Security Number Reduction Plan.
September 13, 2012
This toolkit assists individuals in developing, tracking, and managing their careers and facilitates competency management for the information management/information technology and knowledge management (KM) professional at the organizational level.
by DON CIO Privacy Team - April 10, 2012
The World Wide Web is specifically designed to be open and accessible to a global audience. While this global accessibility makes the web a powerful public information tool and enhances productivity in the conduct of daily business, it also presents a potential risk to Department of the Navy personnel, assets and operations if inappropriate information is published on DON websites. Threats to the security of Navy and ...
March 3, 2011
On Nov. 5, 2010, the Under Secretary of Defense for Personnel & Readiness (USD(P&R)) signed a memorandum announcing the removal of printed Social Security numbers on all Department of Defense identification cards. By the end of May 2011 and beyond, all DoD ID cards issued will display a new number, called the DoD identification number (also known as the EDI-PI). In addition to the DoD ID number, individuals entitled to ...
by DON CIO Privacy Team - October 15, 2010
The Privacy Act of 1974 is largely based on a set of internationally recognized principles for protecting the privacy and security of personal information known as the Fair Information Practices. A U.S. government advisory committee first proposed the practices in 1973 to address what it termed a poor level of protection afforded to privacy under contemporary law. The Organization for Economic Cooperation and Development ...
by DON CIO Privacy Team - September 24, 2010
All Privacy Act system of records notice (SORN) actions are transmitted electronically to the Chief of Naval Operations, Department of Defense and the Federal Register, because this method is both time and cost effective. Since DoD uses special software to transmit the text to the Federal Register, please do not indent, underline, bold, double-space or center the text.
All new systems require a "Narrative Statement on ...
by DON CIO Privacy Team - September 24, 2010
A Privacy Act (PA) system of records notice is the authority that allows you to collect, maintain and disseminate information that is retrieved by an individual's name and personal identifier. Because many activities maintain similar types of records, we have written generic or "umbrella" PA systems of records notices to cover activities that require collection of those types of records.
by DON CIO Privacy Team - September 17, 2010
The following processes are provided for active duty military members, former military members, family members, and other individuals wishing to obtain copies of military personnel records.
by DON CIO Privacy Team - September 17, 2010
The attachment is a copy of the Code of Federal Regulations, Title 32, Volume 5, Revised as of July 1, 2008 (32 CFR 701.128), "Privacy Act Exemptions for Specific Navy Record Systems."
by DON CIO Privacy Team - September 17, 2010
The following checklist is provided for use by Privacy Act coordinators and should be tailored to a command's specific needs.
by DON CIO Privacy Team - September 15, 2010
The Defense Privacy Program homepage provides resources related to the Privacy Program, Privacy Impact Assessments and the Freedom of Information Act.
by DON CIO Privacy Team - September 15, 2010
The attachment below provides step-by-step instructions to encrypt files using WinZip.
by DON CIO Privacy Team - September 15, 2010
The following additional resources are provided:
September 15, 2010
Best Practices for use with Command Shared Drives and Web Portals
The attachment below is the Program Executive Officer, Enterprise Information Systems (PEO EIS) Portal Procedures for Safeguarding Personally Identifiable Information (PII) and should be used as a best practice. The Department of the Navy has experienced numerous breaches across the enterprise in which PII was improperly posted to shared drives and web ...
by DON CIO Privacy Team - September 15, 2010
What is the Privacy Act?
The Privacy Act (PA) pertains to records the Department of the Navy is maintaining about you. More than 150 types of PA System of Records Notices (SORNs) have been identified that allow the DON to collect, maintain, use and disseminate information about individuals affiliated with the Department. View a complete list of approved systems.
by DON CIO Privacy Team - September 15, 2010
The following list of Office of Management and Budget memoranda pertains to privacy and is provided to assist personnel as they conduct their daily privacy-related functions.
September 13, 2010
Disclosure accounting allows an individual to determine what agencies or persons have been provided information from the system of records about them, enables Department of the Navy activities to advise prior recipients of the system of records of any subsequent amendments or statements of dispute concerning the system of records, and provides an audit trail of the DON's compliance with the Privacy Act of 1974.
September 13, 2010
When an individual is requested to furnish personally identifiable information for possible inclusion in a system of records, a Privacy Act Statement (PAS) must be provided to the individual, regardless of the method used to collect the information (e.g., forms, personal or telephonic interview, IT system). If the information requested will not be included in a system of records, a PAS is not required.
by DON CIO Privacy Team - August 5, 2010
The following guidelines are provided for the proper destruction of Department of the Navy hard drives.
by DON CIO Privacy Team - July 12, 2010
The following is a list of 12 acceptable use criteria for systems requesting the use of Social Security numbers.