Information Assurance



The Chief Information Security Officer Handbook

Chief Information Security Officer - June 29, 2018

The CISO Handbook was created to educate and inform new and existing CISOs about their role in Federal cybersecurity. It provides resources to help CISOs responsibly apply risk management principles to help Federal agencies meet mission objectives, and makes CISOs aware of laws, policies, tools, and initiatives that can assist them as they develop or improve cybersecurity programs for their organizations.

DON CIO Cybersecurity Strategy Guidance

DON CIO Guidance - November 16, 2015

The Department of the Navy Chief Information Officer has updated and renamed the Acquisition Information Assurance Strategy (AIAS) Guidance to the DON CIO Cybersecurity Strategy (CSS) Template and Instructions. The document includes information from the Draft DoD Cybersecurity Strategy outline, provides a template format, and contains DON CIO guidance on developing and submitting the CSS to support system acquisition.

DON Cyber Range Policy Guidance

DON CIO Memo - February 1, 2012

This memo formally establishes Department of the Navy Cyber Range guidance. The Cyber Range provides an operationally realistic environment to support exercises, training, testing and evaluation with no risk to operational networks.

DITPR-DON Process Guidance v1.0

DON Guidance - December 5, 2011

The Department of Defense Information Technology Portfolio Repository-Department of the Navy (DITPR-DON) process guidance document provides a comprehensive discussion of core DITPR-DON functionality and basic lifecycle transactions. This information will enable all users to gain the understanding necessary to perform the basic IT asset management functions of registering, transferring and archiving DON IT systems within ...

Updated Plan to Remove Social Security Numbers from DoD Identification Cards

Under Secretary of Defense Memo - November 5, 2010

This memo cancels the Jan. 28, 2009, memo, "Business Practice Changes to Allow the Removal of Social Security Numbers from DoD Identification (ID) Cards," which established a timeline for truncation and removal of the visible Social Security numbers (SSN) on all ID cards. The memo addresses concerns raised by DoD stakeholders about potential adverse impacts that may occur if the SSN is truncated or removed as ...

Safeguarding Classified National Security Information

DTG 192014Z AUG 10 - August 19, 2010

The purpose of this Naval message is to reinforce how personnel store and distribute national security information (NSI), as well as to remind personnel of their responsibility to safeguard NSI commensurate with its level of classification until the information is declassified by the appropriate original classification authority.

Safeguarding Personally Identifiable Information (PII)

NAVADMIN 125/10 - April 8, 2010

The Under Secretary of the Navy issued the memo "Safeguarding Personally Identifiable Information" in February 2010 emphasizing the importance he places on personal privacy and the safe management of Department of the Navy's personally identifiable information (PII). His intention was to make eradicating further PII breaches a Departmental priority. As a result, the Vice Chief of Naval Operations release

Safeguarding Personally Identifiable Information

MARADMIN 162/10 - March 18, 2010

The Under Secretary of the Navy issued the memo "Safeguarding Personally Identifiable Information" in February 2010 emphasizing the importance he places on personal privacy and the safe management of the Department of the Navy's personally identifiable information (PII). His intention was to make eradicating further PII breaches a Departmental priority. As a result, MajGen George Allen, DON Deputy CIO (M

DON Information Assurance Policy

SECNAVINST 5239.3B - June 17, 2009

This instruction establishes information assurance (IA) policy for the Department of the Navy consistent with national and Department of Defense (DoD) policies. It also designates the DON Chief Information Officer as the DON official assigned responsibility and delegated authority in order to ensure Federal, DoD and DON IA requirements are carried out within the Department of the Navy.

Recall Rosters

CNO Memo - September 7, 2006

This memo provides guidance regarding the use of recall rosters for the management of personnel and addresses what personal information may be included.

DON Information Assurance Manual

SECNAV M-5239.1 - November 1, 2005

This manual implements the policy set forth in SECNAVINST 5239.3B: Department of the Navy Information Assurance Policy and is issued under the authority of SECNAVINST 5430.7N: Assignment of Responsibilities and Authorities in the Office of the Secretary of the Navy. It is intended to serve as a high-level introduction to information assurance and IA principles. It discusses common IA controls and associated requirements ...

Privacy Act of 1974

5 U.S.C. 552a - September 1, 1974

The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some ...


DON CIO Aaron Weis Discusses "Digital Transformation Through Strategic Innovation"

May 6, 2021

The Department of the Navy Chief Information Officer Aaron Weis outlined the DON's strategy to "Modernize, Innovate and Defend" the Department's networks in remarks for the April 22, 2021 virtual FedScoop Public Sector Summit.

Schedule Available for DON IT Conference East Coast 2020 Virtual Event

October 20, 2020

The conference will be held Wednesday, November 4 and Thursday, November 5 via Microsoft CVR Teams. The at-a-glance conference schedule is now available.

Join DON CIO, DCNO Information Warfare and the Deputy Commandant for Information for a Cybersecurity Awareness Month Discussion

October 5, 2020

Please join Aaron Weis, DON CIO, VADM Jeff Trussler, DCNO for Information Warfare, and LtGen Lori Reynolds, Deputy Commandant for Information, as they talk about the importance of cybersecurity across our Department of the Navy team for Cybersecurity Awareness Month!

DON IT Conference Schedule Now Available; Pre-Registration Closed

February 28, 2020

The DON IT Conference, West Coast 2020 schedule is now available. The conference will be held March 2-3, 2020, at the San Diego Convention Center in San Diego, CA. No conference fee will be assessed, but registration is required. Pre-registration is now closed, but will be available on-site at the Convention Center.

DoD Instructions Lead to Change in Cybersecurity Term

August 25, 2014

As a result of the implementation of the new Department of Defense Cybersecurity and Risk Management Framework instructions (DoDI 8500.01 and DoDI 8510.01), the term information assurance has been changed to cybersecurity. ...

NGEN: It's Not the Network - Continued

May 26, 2014

Because NMCI is "the network" for so many users (nearly 800,000), a continuation of what the new NGEN contract that services NMCI means to its customer base is important. Here are four key facts about NGEN you should know. ...

Information Assurance Workforce Baseline Certification Update

April 25, 2013

This alert provides notice of changes to the Department of Defense (DoD) 8570.01 Manual, "Information Assurance Workforce Improvement Program" baseline certifications. One certification has been added and two have been removed from the list.

Stay Safe Online During the Holidays

November 19, 2012

The upcoming Thanksgiving holiday marks the beginning of the annual holiday shopping season. Every year, more people turn to the Internet as a way to find bargains and conveniently fulfill their shopping list. Before you start your holiday shopping, remember to make sure security measures are in place and you understand the consequences of your actions and behaviors to safely enjoy the benefits of the Internet.

Information Assurance Scholarship Program

August 24, 2012

The Information Assurance Scholarship Program (IASP), authorized by Chapter 112 Title 10 United States Code, is designed to increase the number of qualified personnel entering the information assurance (IA) and information technology fields within the Department. It also serves as a mechanism to strengthen the IA infrastructure through grants, while assisting the Department in addressing emerging IA/IT issues, and as a ...

Certification & Accreditation Transformation

by Jennifer M. Ellett - October 27, 2011

Certification and accreditation (C&A) transformation is an initiative to align processes, terminology and frameworks for assessing information security risk across all federal agencies, including the defense and intelligence communities. This effort will provide efficiencies, standardization and support to reciprocity.

DON Digital Signature and Encryption Policy for Emails Containing PII

by DON CIO Privacy Team - July 18, 2011

The purpose of this tip is to reinforce existing DON policy regarding digitally signing and encrypting emails that contain personally identifiable information (PII).

DON to Migrate to Use of Stronger Cryptographic Algorithms

July 7, 2011

The Department of the Navy Chief Information Officer released guidance directing the Department's migration to the use of a stronger cryptographic hash algorithm in data security authentication procedures such as CAC logon and digital signatures.

Steps For Military Personnel to Take to Defend Against ID Theft

by DON Privacy Team - April 12, 2011

Identity theft is a constant and evolving threat for all citizens and can be of particular concern for those on military deployment and their families. It is a serious crime that occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes.

Rules for Handling PII by DON Contractor Support Personnel

by the DON Privacy Team - March 10, 2011

The following Privacy Tip provides existing policy guidance and best business practices for contract support personnel who handle personally identifiable information. Office of the Secretary of Defense Memo dated June 05, 2009, "Safeguarding Against and Responding to the Breach of Personally Identifiable Information (PII)" and SECNAV INST 5211.5E: "SECNAV Privacy Program" apply.

SSNs to be Removed from Government ID Cards

by the DON CIO Privacy Team - February 15, 2011

This Privacy Tip provides answers to frequently asked questions regarding upcoming changes to the Department of Defense identification cards. The questions and answers below were reproduced from a recent DoD memo. Changes include the removal of both the sponsor and dependent Social Security number (SSN), the addition of a DoD benefits number for DoD beneficiaries, and the removal of the SSN in the card bar codes. The DoD ...

Elements of a Good Privacy Program (Part Two)

by DON CIO Privacy Team - November 4, 2010

This is part two of Elements of a Good Privacy Program and serves as a best practices guide to help Department of the Navy commands/units implement and sustain privacy awareness and better safeguard personally identifiable information within their control.

DoD Memo on PIV-I Credentials Released

October 29, 2010

The Department of Defense Deputy Chief Information Officer recently published a memo for Department-wide distribution on DoD acceptance and use of qualified Personal Identity Verification-Interoperable (PIV-I) credentials for access to DoD logical and physical resources.

DON Electronic Signature Policy Released

August 30, 2010

The Department of the Navy Chief Information Officer has signed out SECNAVINST 5239.21: "Department of the Navy Electronic Signature Policy," making electronic signatures the preferred means of conducting business transactions within the Department.

Top 10 PII Lessons Learned

by DON CIO Privacy Team - July 15, 2010

When a Department of the Navy activity reports a personally identifiable information breach, it must include lessons learned in an after-action report. Lessons learned are an important feedback mechanism and are used to shape future DON privacy policy. The following information is a compilation of the most frequently reported lessons learned.


Rules for Handling PII by DON Contractor Support Personnel

by DON Privacy Team - August 29, 2018

The DON has a continuing affirmative responsibility to safeguard PII and to prevent its loss, theft or compromise. All DON personnel, including support contractors and business partners, must ensure their actions do not contribute to, or result in, a compromise. Contractor employees who work onsite at a government facility must take the same DON Annual Privacy Training required of DON civilians and military personnel. ...

SSN Reduction Plan Resources

March 16, 2017

The following resources are provided to help implement the Department of the Navy's Social Security Number Reduction Plan.

Workforce Competency and Career Planning

September 13, 2012

This toolkit assists individuals in developing, tracking, and managing their careers and facilitates competency management for the information management/information technology and knowledge management (KM) professional at the organizational level.

Publically Accessible Website Privacy Resources (including Official DON Social Networking Sites)

by DON CIO Privacy Team - April 10, 2012

The World Wide Web is specifically designed to be open and accessible to a global audience. While this global accessibility makes the web a powerful public information tool and enhances productivity in the conduct of daily business, it also presents a potential risk to Department of the Navy personnel, assets and operations if inappropriate information is published on DON websites. Threats to the security of Navy and ...

SSN Reduction Frequently Asked Questions

March 3, 2011

On Nov. 5, 2010, the Under Secretary of Defense for Personnel & Readiness (USD(P&R)) signed a memorandum announcing the removal of printed Social Security numbers on all Department of Defense identification cards. By the end of May 2011 and beyond, all DoD ID cards issued will display a new number, called the DoD identification number (also known as the EDI-PI). In addition to the DoD ID number, individuals entitled to ...

Fair Information Practices

by DON CIO Privacy Team - October 15, 2010

The Privacy Act of 1974 is largely based on a set of internationally recognized principles for protecting the privacy and security of personal information known as the Fair Information Practices. A U.S. government advisory committee first proposed the practices in 1973 to address what it termed a poor level of protection afforded to privacy under contemporary law. The Organization for Economic Cooperation and Development ...

Guidelines for Establishing a New Privacy Act System of Records Notice

by DON CIO Privacy Team - September 24, 2010

All Privacy Act system of records notice (SORN) actions are transmitted electronically to the Chief of Naval Operations, Department of Defense and the Federal Register, because this method is both time and cost effective. Since DoD uses special software to transmit the text to the Federal Register, please do not indent, underline, bold, double-space or center the text. All new systems require a "Narrative Statement on ...

Identifying Privacy Act Systems of Records You May Be Using

by DON CIO Privacy Team - September 24, 2010

A Privacy Act (PA) system of records notice is the authority that allows you to collect, maintain and disseminate information that is retrieved by an individual's name and personal identifier. Because many activities maintain similar types of records, we have written generic or "umbrella" PA systems of records notices to cover activities that require collection of those types of records.

How to Obtain Military Personnel, Health, and Award Records

by DON CIO Privacy Team - September 17, 2010

The following processes are provided for active duty military members, former military members, family members, and other individuals wishing to obtain copies of military personnel records.

Privacy Act Exemptions

by DON CIO Privacy Team - September 17, 2010

The attachment is a copy of the Code of Federal Regulations, Title 32, Volume 5, Revised as of July 1, 2008 (32 CFR 701.128), "Privacy Act Exemptions for Specific Navy Record Systems."

Sample Checklist for Conducting Privacy Act Assessment/Staff Visits

by DON CIO Privacy Team - September 17, 2010

The following checklist is provided for use by Privacy Act coordinators and should be tailored to a command's specific needs.

DoD Privacy Program Resources

by DON CIO Privacy Team - September 15, 2010

The Defense Privacy Program homepage provides resources related to the Privacy Program, Privacy Impact Assessments and the Freedom of Information Act.

Instructions for Using WinZip to Encrypt Files

by DON CIO Privacy Team - September 15, 2010

The attachment below provides step-by-step instructions to encrypt files using WinZip.

Other Privacy Act Resources

by DON CIO Privacy Team - September 15, 2010

The following additional resources are provided:

PEO EIS Portal Procedures for Safeguarding PII

September 15, 2010

Best Practices for Use with Command Shared Drives and Web Portals: The attachment below is the Program Executive Officer, Enterprise Information Systems (PEO EIS) Portal Procedures for Safeguarding Personally Identifiable Information (PII) and should be used as a best practice. The Department of the Navy has experienced numerous breaches across the enterprise in which PII was improperly posted to shared drives and web ...

Privacy Act Desk Reference Guide

by DON CIO Privacy Team - September 15, 2010

What is the Privacy Act? The Privacy Act (PA) pertains to records the Department of the Navy is maintaining about you. More than 150 types of PA System of Records Notices (SORNs) have been identified that allow the DON to collect, maintain, use and disseminate information about individuals affiliated with the Department. View a complete list of approved systems.

Privacy-Related OMB Memoranda

by DON CIO Privacy Team - September 15, 2010

The following list of Office of Management and Budget memoranda pertains to privacy and is provided to assist personnel as they conduct their daily privacy-related functions.

Disclosure Accounting Form (OPNAV 5211/9 (MAR 1992))

September 13, 2010

Disclosure accounting allows an individual to determine what agencies or persons have been provided information from the system of records about them, enables Department of the Navy activities to advise prior recipients of the system of records of any subsequent amendments or statements of dispute concerning the system of records, and provides an audit trail of the DON's compliance with the Privacy Act of 1974.

General Purpose Privacy Act Statement (OPNAV FORM 5211/12)

September 13, 2010

When an individual is requested to furnish personally identifiable information for possible inclusion in a system of records, a Privacy Act Statement (PAS) must be provided to the individual, regardless of the method used to collect the information (e.g., forms, personal, telephonic interview, IT system, etc.). If the information requested will not be included in a system of records, a PAS is not required.

Methods for Hard Drive/Disk Destruction

by DON CIO Privacy Team - August 5, 2010

The following guidelines are provided for the proper destruction of Department of the Navy hard drives.

Acceptable Use Criteria for Systems Collecting SSNs

by DON CIO Privacy Team - July 12, 2010

The following is a list of 12 acceptable use criteria for systems requesting the use of Social Security numbers.