DoD CIO Memo - October 4, 2018
This memorandum updates and replaces DoD Chief Information Officer (CIO)
Memorandum, "Commercial Public Key Infrastructure Certificates on Public-Facing DoD
Websites," January 5, 2018. It provides clarification on where commercial certificates may be
purchased and expands the policy for use of commercial certificates on DoD Mobile Device
Management (MOM) systems.
DON CIO Memo - July 2, 2018
Based on the Department of Navy (DON) waiver request (Reference (a)) and agreement reached at the Executive - level Chief Information Officer (CIO) meeting (Reference (b)), the DON is granted a conditional waiver from the DoD information Assurance Workforce Program (Reference (c)) requirements. However, the conditional waiver does not relieve the DON from reporting requirements of the annual information assurance ...
Chief Information Security Officer - June 29, 2018
The CISO Handbook was created to educate and inform new and existing CISOs about their role in Federal cybersecurity. It provides resources to help CISOs responsibly apply risk management principles to help Federal agencies meet mission objectives, and makes CISOs aware of laws, policies, tools, and initiatives that can assist them as they develop or improve cybersecurity programs for their organizations.
DoD Instruction 5400.16 - September 14, 2017
This instruction establishes policy and assigns responsibilities for completion and approval of privacy impact assessments to analyze and ensure personally identifiable information in electronic form is collected, stored, protected, used, shared and managed in a manner that protects privacy.
DON CIO Memo - June 9, 2017
This memo details how the Department of Navy Chief Information Officer is responsible for establishing DON IT investment priorities to guide the Chief of Naval Operations (CNO) and Commandant of the Marine Corps (CMC) during the Program Objective Memorandum (POM) review cycle.
Developed by DISA for the DoD - January 31, 2017
As the Department of Defense strives to meet the objectives of the DoD CIO to maximize the use of commercial cloud computing, the Defense Information System Network (DISN) perimeter and DoD Information Network (DoDIN) systems must continue to be protected against cyber threats. DISA is responsible for developing the DISN protection requirements and guidance to secure the connection point to the Cloud Service Provider ...
DON CIO Memo - January 11, 2017
This memo establishes the process for the approval and subsequent programmatic requirements of Department of the Navy Spectrum Supportability Risk Assessments (SSRAs) using the Spectrum Supportability Integrated Process Portal (SSIPP).
SECNAV M-5239.2 - June 30, 2016
The manual updates Department of Navy workforce policy and responsibilities to support the DON's transition from the Information Assurance Workforce Program to the new DoD Cyberspace Workforce structure.
SECNAV INSTRUCTION 2201.1 - May 23, 2016
This instruction establishes DON COMSEC Material System Program implementation policy, delegates implementation roles, and clarifies implementation responsibilities DON wide. The guidance facilitates consistent program implementation by designated DON Secretariat, Navy, Marine Corps, Coast Guard, and Military Sealift Command officials and authorizes publication of detailed implementation procedures by appropriate ...
Federal Register: Vol. 81, No. 94 - May 16, 2016
DoD, GSA, and NASA are issuing a final rule amending the Federal Acquisition Regulation to add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. The clause does not relieve the contractor of any other specific safeguarding requirement specified by Federal agencies and departments as it relates to covered contractor ...
SECNAV INSTRUCTION 5239.3C - May 2, 2016
This instruction establishes Department of the Navy policy for cybersecurity (CS) consistent with national and Department of Defense CS policy directives and instructions.
DON CIO Memo - February 12, 2016
This memorandum updates the Department of the Navy (DON) Acceptable Use Policy and cancels references (a) through (c). Enclosure (2) specifies acceptable use of DON IT. The DON uses tools to monitor user activity and to implement varying levels of capacity/filtering restrictions. Communications using, or information stored on, DON IT are not private and are subject to routine monitoring, interception, and search; and may ...
DON CIO Memo - February 10, 2016
In order to promote consistency in DON Risk Management Framework (RMF) implementation, the DON Chief Information Officer (CIO) collaborated with Navy and Marine Corps cybersecurity stakeholders to develop DON Information Type Baselines. The DON baseline includes the information types and impact levels from reference (c) and adds DON-unique impact levels for certain information types. The DON Information Type Baselines ...
UNSECNAV Memo - February 1, 2016
This memorandum designates the Office of the Deputy Under Secretary of the Navy for Policy (DUSN(P)) as the DON office of primary responsibility for Critical Infrastructure Protection (CIP). While no longer the Secretariat lead for CIP, DON CIO will continue to provide cybersecurity support and advice to DUSN(P).
DON CIO Guidance - November 16, 2015
The Department of the Navy Chief Information Officer has updated and renamed the Acquisition Information Assurance Strategy (AIAS) Guidance to the DON CIO Cybersecurity Strategy (CSS) Template and Instructions. The document includes information from the Draft DoD Cybersecurity Strategy outline, provides a template format, and contains DON CIO guidance on developing and submitting the CSS to support system acquisition.
NAVADMIN 239/15 - October 13, 2015
This NAVADMIN describes how, starting October 2015, the Navy has launched a year-long communications campaign to create a culture where cybersecurity discipline is a high priority and a daily habit, protecting the Navy from the persistent cyber threat it faces.
DON CIO Memo - May 20, 2014
The purpose of this memo is to implement the Risk Management Framework for Department of Defense Information Technology, within the Department of the Navy.
DON CIO Memo - December 3, 2013
This memo outlines an efficient path to compliance with Department of Defense information systems Certification and Accreditation requirements when connecting end-user electronic fingerprint (eFP)hardware and installing end-user eFP software on DON networks.
Presidential Policy Directive 21 - February 12, 2013
This directive establishes national policy on critical infrastructure security and resilience; refines and clarifies the critical infrastructure-related function, roles, and responsibilities across the Federal government; and enhances overall coordination and collaboration.
Executive Order 13636 - February 12, 2013
This executive order establishes the United States' policy to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. Such goals are achieved through a partnership with the owners and operators of critical ...
SECNAVINST 1543.2 - November 30, 2012
The purpose of this instruction is to establish policy and procedures for Department of the Navy cyberspace/information technology(IT) workforce (WF) professional development through a continuous learning program (CLP). The CLP requires 40 hours per year of education, training, certification and other activities that support the sustainment and continued improvement of the capabilities of the DON Cyberspace/IT WF.
DTG 281759Z AUG 12 - August 28, 2012
The purpose of this coordinated Department of the Navy Chief Information Officer, DON Deputy CIO (Navy), DON Deputy CIO (Marine Corps), and DON Information Security Program Authority message is to update policy for the disposal and mandatory physical destruction of electronic storage media.
SECNAVINST 5720.44C Change 1 - February 21, 2012
The purpose of this instruction is to provide basic policy and regulations for carrying out the public affairs and internal relations programs of the Department of the Navy.
DON CIO Memo - February 1, 2012
This memo formally establishes Department of the Navy Cyber Range guidance. The Cyber Range provides an operationally realistic environment to support exercises, training, testing and evaluation with no risk to operational networks.
SECNAVINST 3501.1C - December 13, 2011
In February 2016, the Under Secretary of the Navy designated the Office of the Deputy Under Secretary of the Navy for Policy (DUSN(P)) as the DON office of primary responsibility for Critical Infrastructure Protection (CIP). While no longer the Secretariat lead for CIP, DON CIO will continue to provide cybersecurity support and advice to DUSN(P).
This instruction provides policy and delineates specific ...
DoD Guidance - July 18, 2011
This document provides an outline, content and formatting guidance for the Program Protection
Plan (PPP) required by DoDI 5000.02 and DoDI 5200.39. The outline structure and tables are
considered minimum content that may be tailored to meet individual program needs.
The guidance is based on the July 18, 2011, memo, "Document Streamlining -- Program Protection Plan," which can be found on the first page of the ...
UNSECNAV Memo - May 11, 2011
The purpose of this memo is to establish a common enterprise approach between the functions of the DON CIO and the Navy and Marine Corps. This renewed approach is designed to strengthen the integration and success of the Department's IM, IT (to include national security systems) and cyberspace (excluding intel, attack and exploit), and information resource management operations, procurement and business processes.
UNSECNAV Memo - December 3, 2010
This memo addresses information technology/cyberspace efficiency initiatives and realignment in the Department of the Navy. It underscores the challenge by the Secretary of Defense to think about the DON's approach to IT initiatives and to centralize and consolidate efforts where it makes sense. This memo directs the DON Chief Information Officer to take the lead for the Department for this endeavor, noting that it is a ...
SECNAVINST 5239.21 - August 27, 2010
This policy establishes electronic signature policy for the Department of the Navy consistent with Federal and Department of Defense legislation and policies. This policy is not a mandate to replace handwritten signatures with electronic signatures but rather is a policy to adopt electronic signatures as the preferred means of conducting business transactions within the DON.
DTG 192014Z AUG 10 - August 19, 2010
The purpose of this Naval message is to reinforce how personnel store and distribute national security information (NSI), as well as to remind personnel of their responsibility to safeguard NSI commensurate with level of classification until the information is declassified by the appropriate original classification authority.
UNSECNAV Memo - February 12, 2010
This memo conveys the seriousness the Under Secretary of the Navy places on personal privacy and the safe management of Department of the Navy personally identifiable information (PII) and his intention to make eradicating further PII breaches a Departmental priority. This includes implementing a DON-wide plan to reduce the collection and use of Social Security numbers.
ASD(NII) Directive-Type Memorandum 08-027 - July 31, 2009
This Assistant Secretary of Defense (Networks and Information Integration) Directive-Type Memorandum
establishes policy for managing the security of unclassified Department of Defense information on non-DoD information systems. A list of frequently asked questions provides information and direction for implementation in the Department of the Navy.
SECNAVINST 5239.3B - June 17, 2009
This instruction establishes information assurance (IA) policy for the Department of the Navy consistent with national and Department of Defense (DoD) policies. It also designates the DON Chief Information Officer as the DON official assigned responsibility and delegated authority in order to ensure Federal, DoD and DON IA requirements are carried out within the Department of the Navy.
DTG 181430Z MAY 09 - May 18, 2009
This Naval message implements the Department of Defense Privacy Impact Assessment (PIA) guidance of Feb. 12, 2009, for the Department of the Navy. The following is highlighted:
The guidance expands PIA coverage from just members of the public to include Federal personnel, Federal contractors, and Foreign Nationals employed at U.S. military facilities abroad.
PIAs are required for legacy systems and electronic ...
DTG 241757Z APR 09 - April 24, 2009
This Naval message is about the NIPRNet Hardening Initiative. The first increment of this initiative involves the registering, testing, and restricting access to and from the Internet of all public-facing File Transfer Protocol (FTP), web, e-mail and Domain Name System (DNS) servers. The first step in this first increment was successfully completed. The DON CIO congratulates all involved for a job well done. This message ...
SECNAVINST 5230.15 - April 10, 2009
SECNAVINST 5230.15 mandates that all COTS software in use across the Department of the Navy be vendor supported. DON organizations desiring to continue to use COTS software that is no longer supported must request and receive a waiver to this policy.
SECNAVINST 3052.2 - March 6, 2009
This instruction establishes policies and responsibilities for the administration of cyberspace within the Department of the Navy.
DTG 281919Z JAN 09 - January 28, 2009
This Naval message provides amplification guidance for the purchase and installation of Common Access Card readers on all Personal Electronic Devices including BlackBerrys. It also identifies the procurement options for the required hardware.
DTG 181905Z DEC 08 - December 18, 2008
This Naval message emphasizes that personally identifiable information (PII) annual awareness training is foundational to the safeguarding of PII and key to understanding the Department's breach reporting responsibilities. It explains how DON leadership must continually reinforce PII awareness, through training, so that personnel properly safeguard privacy sensitive information in order to improve business processes.
DTG 031859Z DEC 08 - December 3, 2008
This Naval message details policy changes that have been made as a result of an impact assessment and data call conducted by the DON CIO to understand where software certificates are used in the Department's unclassified environments.
DTG 032009Z OCT 08 - October 3, 2008
This Naval message provides updates to the DON policy for digital signature and encryption of email. It also provides updated budget guidance for procurement and use of Smart Card Reader technology to support digital signature and encryption of email from Personal Electronic Devices.
SECNAVINST 5239.19 - March 18, 2008
This instruction establishes Department of the Navy incident response policy to align and integrate DON computer incident response and reporting requirements with Department of Defense policy guidance.
DTG 142031Z MAR 08 - March 14, 2008
This Naval message reiterates policy, direction and guidance regarding Continuity of Operations (COOP) planning as it relates to information technology systems. Additionally, this message directs that COOP plans will address connectivity to data and services that reside on Department of the Navy networks and communications considerations; establish-IT related processes and procedures to identify IT damage and ...
Joint DON CIO and CHINFO Memo - October 17, 2007
This policy provides Department of the Navy guidance for governing the registration, content, compliance, and investment of all unclassified DON web sites and their associated Uniform Resource Locators. The policy applies to all DON commands and activities with unclassified web sites (publicly accessible or access restricted) designed, developed, procured or managed by DON activities and/or hosted and managed by their ...
ALNAV 070/07: R 042232Z OCT 07 - October 4, 2007
This ALNAV message stresses the seriousness of safeguarding personally identifiable information (PII) across the Department by establishing an annual PII awareness training requirement, as well as completing semi-annual command level PII compliance spot checks.
View PII Spot Check Form.
DTG 232026Z JUL 07 - July 23, 2007
This Naval message defines personally identifiable information (PII) and emphasizes the importance of its proper handling following more than 100 incidents of PII loss during the past 18 months.
DTG 171952Z APR 07 - April 17, 2007
This Naval message establishes interim policy for the handling of personally identifiable information when stored on government furnished laptop computers, other mobile computing devices and removable storage media (e.g., removable hard drives, thumb drives, blackberries, personal digital assistants, compact discs and DVDs).
DON CIO Memo - June 16, 2006
This memo and enclosures prescribe the Department of Defense and Department of the Navy Privacy Impact Assessment guidance for IT systems that contain information in identifiable form.
DoD CIO Memo - May 5, 2006
This memo provides direction to incorporate standard digital signature profiles into all applications, systems or processes that use digital signatures. This implementation will lead industry toward interoperable digital signature implementations.
DoD Guide - March 1, 2006
This guide specifies technical details for implementing interagency PIV I and PIV II National Institute of Standards and Technology Special Publication 800-73v1 requirements in the DoD CAC environment. It documents how the DoD common access card and middleware are implemented with PIV.
DoD 5220.22-M - February 28, 2006
This manual prescribes requirements, restrictions, and other safeguards that are necessary to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information.
SECNAVINST 5211.5E - December 28, 2005
SECNAVINST 5211.5E implements the Privacy Act of 1974 per the Department of Defense Privacy Program Directive and Regulation ensuring that all DON military members and civilian/contractor employees are made fully aware of their rights and responsibilities with regards to privacy. The program attempts to balance the government’s need to maintain information with the obligation to protect individuals against unwarranted ...
SECNAV M-5239.1 - November 1, 2005
This manual implements the policy set forth in SECNAVINST 5239.3B: Department of the Navy Information Assurance Policy and is issued under the authority of SECNAVINST 5430.7N: Assignment of
Responsibilities and Authorities in the Office of the Secretary of the Navy. It is intended to serve as a high-level introduction to information assurance and IA principles. It discusses common IA controls and associated requirements ...
DON Guidance - October 27, 2004
This summary provides the Department of the Navy format for system assessors to use when conducting a Privacy Impact Assessment.
DTG 061525Z OCT 04 - October 8, 2004
This Naval message provides amplifying public key infrastructure implementation guidance.
March 14, 2019
Registration is now open for the DON IT Conference, East Coast 2019. It has been approved for June 3-5, 2019, and will be held at the at the Hilton Norfolk The Main in Norfolk, VA. No conference fee will be assessed, but registration is required.
February 25, 2019
Congratulations to the 2019 DON Information Management/Information Technology (IM/IT) Excellence Award Winners! The DON IM/IT Excellence Awards recognize excellence in information management and information technology across the Department of the Navy.
February 18, 2019
Presentations given during the DON IT conference sessions held in San Diego, CA, Feb. 13-15, are available by request to government civilian, military personnel, and DoD support contractors. Please submit your request by using the "Contact Us" link located in the DON CIO Information section
by The Honorable Thomas B. Modly - January 25, 2019
During the first weeks of his tenure as president of JPMorgan Chase Bank, Jamie Dimon was briefed on the company’s efforts to outsource its information technology and corporate networks. It’s now the stuff of legend how Dimon not only cancelled a $5-billion IT contract, but challenged his people to own information as a proprietary, business-defining function. This strategic perspective has guided IT investment and ...
January 23, 2019
Department of the Navy Common Access Cards (CACs) must align with the Federal Personal Identity-Authentication (PIV-Auth) certificate, which ensures strong authentication. Homeland Security Presidential Directive 12 (HSPD-12) requires Federal departments and agencies to use strong authentication credentials for network and IT system access, and the CAC is DoD's primary mechanism for doing so on the NIPRNet.
DoD ...
January 23, 2019
Walk-in registration onsite at the West Coast DON IT Conference scheduled for Feb. 13-15 at the San Diego Convention Center will be available for three categories of attendees: 1) Non-TAD DON civilian and military attendees; 2) local and TAD government support contractors who provide a CAC or contact information of government sponsor; and 3) local and TAD non-DON government attendees.
The schedule, session ...
October 29, 2018
A different cybersecurity awareness topic designed to help keep your information secure was posted each week of October. We end the month with a message from the Secretary of Defense encouraging us to remain vigilant in today’s information environment
October 22, 2018
Hacks, data breaches, and cybercrimes have become increasingly commonplace. While the Department of the Navy has staff dedicated to keeping its networks secure, it is up to each of us to take steps to protect ourselves and reduce our cyber risks. Each week in October a cybersecurity awareness topic provided by the Pentagon Force Protection Agency’s Threat Intelligence Center is featured. This week’s topic is Phishing.
by RDML Danelle Barrett, USN, Navy Cyber Security Division Director, Office of the Deputy Chief of Naval Operations for Information Warfare (N2N6G) - October 17, 2018
The Navy is committed to being “all in” on transforming operations and business processes to leverage cloud technologies across the information warfighting platform through to the tactical edge. The operational advantages to warfighting with cloud technologies vice legacy client/server models are far reaching and include the ability to use micro-web services across the enterprise, as articulated in the Compile to Combat ...
October 15, 2018
Hacks, data breaches, and cybercrimes have become increasingly commonplace. While the Department of the Navy has staff dedicated to keeping its networks secure, it is up to each of us to take steps to protect ourselves and reduce our cyber risks. Each week in October a cybersecurity awareness topic provided by the Pentagon Force Protection Agency’s Threat Intelligence Center is featured. This week’s topic is Online ...
October 8, 2018
Hacks, data breaches, and cybercrimes have become increasingly commonplace. While the Department of the Navy has staff dedicated to keeping its networks secure, it is up to each of us to take steps to protect ourselves and reduce our cyber risks. Each week in October a cybersecurity awareness topic provided by the Pentagon Force Protection Agency’s Threat Intelligence Center is featured. This week’s topic is Computer ...
October 1, 2018
Hacks, data breaches, and cybercrimes have become increasingly commonplace. While the Department of the Navy has staff dedicated to keeping its networks secure, it is up to each of us to take steps to protect ourselves and reduce our cyber risks. Each week in October a cybersecurity awareness topic provided by the Pentagon Force Protection Agency’s Threat Intelligence Center is featured. This week’s topic is Mobile ...
October 1, 2018
Visit the Navy Public Affairs’ Cybersecurity Awareness site for information which is updated each week.
by Capt. Damen Hofheinz - July 13, 2018
It is my pleasure to be selected to serve as Director, Office of the CIO (OCIO). The DON CIO recently consolidated and reorganized. Certain functions not statutorily required to be done by the CIO were delegated to the Navy and Marine Corps. This is resulting in streamlined processes, workflow efficiency, and a leaner CIO organization. Mr. Thomas Modly, Under Secretary of the Navy, is also both the Chief Management ...
April 30, 2018
Presentations given during the DON IT conference sessions held in Norfolk, VA, April 23-25, are available by request to government civilian, military personnel, and DoD support contractors. Please submit your request by using the "Contact Us" link located in the DON CIO Information section
March 28, 2018
The DON IT Conference, East Coast 2018 scheduled for April 23-25, will include a Small Business Forum and Speed Networking session providing the opportunity for one-on-one discussions between small business companies and DON IT leaders. This small business focused session will be held on Monday, April 23, from 1:00 - 4:30 pm at the conference hotel, The Hilton Norfolk The Main, in the 4th floor Main Ballroom.
February 23, 2018
NAVSUP Business Systems Center hosted a booth at WEST 2018, which was held at the same time and location as the West Coast DON IT Conference. Interviewed at the booth by NAVSUP BSC Public Affairs Officer Vickie Hardy, Dr. Fletcher shared her insights into cybersecurity, risk management and the digital transformation. View excerpts from the interview.
by Dr. Kelly E. Fletcher - January 29, 2018
I want to share with you this years outstanding DON IT Conference program and congratulate the winners of the DON Information Management/Information Technology (IM/IT) Excellence Awards.
The DON Chief Information Officer hosts an East and West Coast DON IT Conference each year to provide information about the latest DON IT initiatives, offer training that applies to IT certifications, enable interaction with DON ...
December 11, 2017
The DON Cyber Glossary was developed by OPNAV N2N6 and coordinated with the DON CIO and US Marine Corps C4 Cybersecurity directorates. This useful glossary provides valuable information and defines significant cybersecurity terminology.
December 1, 2017
Congratulations to the individuals and teams from the Department of the Navy who were honored by DoD CIO for IT and cyber excellence at a November 30 ceremony at the Pentagon.
by DON CIO Privacy Team - October 31, 2017
Privacy Tips are meant to increase awareness about privacy issues that impact the Department of the Navy by highlighting a specific topic. Feedback or suggestions for future topics are welcomed.
October 30, 2017
The deadline to submit nominations for the DON Information Management/Information Technology (IM/IT) Excellence Awards has been extended to Nov. 27, 2017. The awards recognize the superior efforts of IM/IT projects, teams, and individuals in helping to transform DON information technology.
October 30, 2017
The Nation's critical infrastructure provides essential services that underpin American society and sustain the American way of life. We know critical infrastructure as the power we use in our homes and businesses, the water we drink, the transportation systems that get us from place to place, the first responders and hospitals in our communities, the farms that grow and raise our food, and the stores we shop in. In ...
October 23, 2017
Cybersecurity is vital to the Department of the Navy, and careers in this field abound. Whether you are interested in a cybersecurity career or you're already working in the field and want to hone your skills, the DON CIO has provided useful links to pertinent workforce information and training opportunities.
by Department of Homeland Security - October 16, 2017
Smart cities, connected devices, digitized records, as well as smart cars and homes have become a new reality, and your sensitive, personal information is the fuel that makes smart devices work. While there are tremendous benefits of this technology, it is critical to understand how to use these cutting-edge innovations in safe and secure ways.
by Department of Homeland Security - October 9, 2017
Businesses face significant financial loss when a cyber attack occurs. Cybercriminals often rely on human error – from employees failing to install software patches to clicking on malicious links – to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of every employee to keep data, customers, and capital safe and secure.
by Department of Homeland Security - October 2, 2017
Cybersecurity is present in every aspect of our lives, whether it be at home, work, school, or on the go. Regardless of one's technical ability or background, there are simple steps everyone can take to stay safe online.
August 23, 2017
I am very pleased to address you as Acting Department of the Navy Chief Information Officer. Though I am sad to see Rob Foster go, I’m excited by the things that are happening here in DON information technology and the contributions IT will make to Navy and Marine Corps capabilities. As Mr. Foster wrote in this space recently, DON CIO and the Service CIOs have been hard at work on improving cybersecurity and the DON's ...
July 31, 2017
To achieve a unified position and focus on IT priorities, the DON Chief Information Officer has established a process to develop specific DON IT Capability Priorities for each Program Objective Memorandum (POM) cycle. The objective is to influence the Services' internal IT Capability prioritization processes towards a common set of capabilities and capability development goals.
by Robert Foster - July 20, 2017
There is no question that seapower is a central element of our nation’s physical security and economic well-being. The challenges to that security are great, complex, and growing at an exponential rate that cannot be countered with a Fleet the size we have or with the one that is now authorized. Yet, sheer numbers alone are not the answer. Our future Navy not only needs to be larger, but much more flexible and more ...
by Robert Foster - April 17, 2017
The need for innovation never diminishes – to harness technology; to do more with less in budget challenged environments; to challenge the status quo. The Department of the Navy continues to cultivate an environment that promotes, fosters, and rewards innovation.
January 12, 2017
When using a laptop at work and/or at home, you should be taking a few basic steps to keep your data safe and your system operational.
November 14, 2016
Cybersecurity and Information System Security Awareness Training is a Fiscal Year requirement for all personnel that access information systems on unclassified or secret networks. This means after Oct. 1st of each year, the training needs to be done again for that year. Each person can satisfy the training requirement by completing one of the following: Cyber Awareness Challenge, Cyber Awareness Challenge Intelligence ...
November 3, 2016
The following is a list of CHIPS Magazine articles about personally identifiable information (PII) breaches based on factual reports sent to the DON CIO Privacy Office. Incidents such as these will be reported in each subsequent issue of CHIPS Magazine.
by Robert Foster - October 31, 2016
With increasing frequency, we read about computer networks being hacked — in both the public and private sectors. You may have been affected by one of the latest incidents on your own home network, the attack that brought several popular websites, including Amazon, Twitter and Netflix, to a standstill for hours. Though it did not affect our DON network, it is a compelling reminder that cyber intrusions are increasing in ...
by Robert Foster - October 31, 2016
With increasing frequency, we read about computer networks being hacked — in both the public and private sectors. You may have been affected by one of the latest incidents on your own home network, the attack that brought several popular websites, including Amazon, Twitter and Netflix, to a standstill for hours. Though it did not affect our DON network, it is a compelling reminder that cyber intrusions are increasing in ...
by Chris Kelsall - September 14, 2016
Remember Clinger-Cohen and the original Federal Information Security Management Act (FISMA), when it was called the Information Technology, Information Management, Information Resources Management and Information Assurance (IT/IM/IRM/IA) Workforce? That was 10 years ago. Since then, the world has moved on to cyber and cybersecurity, with a lot of workforce definitions and titles coming and going - and staying....
by Chris Kelsall - September 14, 2016
With the publication of DoD Directive 8140.01, "Cyberspace Workforce Management" and Secretary of the Navy (SECNAV) Instruction 5239.20A, "Department of the Navy Cyberspace Information Technology and Cybersecurity Workforce (DON Cyber IT/CSWF) Management and Qualification," a new approach to education, training and Cyber IT/CSWF qualification will occur. ...
June 30, 2016
SECNAV Manual 5239.2, "DON Cyberspace IT and Cybersecurity Workforce Management and Qualification," was signed by the Secretary of the Navy on June 27, 2016. The manual updates Department of Navy workforce policy and responsibilities to support the DON's transition from the Information Assurance Workforce Program to the new DoD Cyberspace Workforce structure.
June 20, 2016
Did you know you can use your personal portable electronic devices in select DON spaces? ...
May 6, 2016
Congratulations to the following Marine Corps team and individual award
winners. They were recognized at the 13th Annual C4 Awards Dinner on April
21, by the Marine Corps Association and Foundation.
by Navy News Service - April 20, 2016
Department of the Navy Chief Information Officer (DON CIO) Robert Foster recognized more than 10 individuals and teams for transforming the Navy and Marine Corps through information technology during a ceremony at the Washington E. Walter Convention Center April 20.
March 4, 2016
The Department of the Navy Chief Information Officer is pleased to announce the winners of the 2016 DON IM/IT Excellence Awards. The awards recognize teams and individuals for various categories of awards related to information management and information technology. The following were selected as the 2016 winners.
by DON Privacy Team - February 26, 2016
The following is a list of CHIPS Magazine articles on the Department of the Navy's (DON's) Social Security Number (SSN) Reduction program and related success stories received by the DON CIO Privacy Office. Additional articles such as these will be reported in each subsequent issue of CHIPS Magazine.
February 12, 2016
This February 12, 2016 memorandum updates existing policy and specifies the acceptable use of DON IT. This policy is a coordinated effort between the Deputy Under Secretary of the Navy for Policy (DUSN(P)) Security and the DON CIO as part of the DON's cyber/traditional security partnership for the protection of national security information and information systems.
View the entire memo
by Rob Foster - February 4, 2016
It is very important to me to spend time meeting with Department of the Navy (DON) stakeholders to maintain active communication and feedback channels. I have made it a point to get out of the Pentagon and visit various Navy and Marine Corps commands to see for myself the excellent IT-related work that’s taking place and hear directly about IT-related challenges and concerns. I have strongly encouraged the DON Chief ...
by Rob Foster - October 29, 2015
While October was designated as National Cybersecurity Awareness month it is always an opportune time to address what the Department is doing to strengthen our security posture as well as reinforce the importance of practicing the utmost care whenever we use a government computer and access a government network. More...
by Cheryl Pellerin, DoD News, Defense Media Activity - April 23, 2015
Defense Secretary Ash Carter today unveiled the Defense Department's second cyber strategy to guide the development of DoD's cyber forces and to strengthen its cyber defenses and its posture on cyber deterrence.
by National Cyber Security Alliance - April 10, 2015
The National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB) say now is the perfect time for a "digital spring cleaning."
In many households, spring cleaning is an annual ritual marked by clearing out closets, basements and garages, de-cluttering cabinets and getting everything spic and span. While making sure your home is in tip-top shape, don’t forget about getting a fresh start with your online ...
February 20, 2015
The Department of the Navy Chief Information Officer is pleased to announce the winners of the 2015 DON IT Awards. ...
October 20, 2014
Attempted intrusions into DoD networks by spear-phishing or a social media based attack occur frequently. While it is legal to access social media sites from your DoD computer, there are precautions that you should take to make both your personal information and our government networks safe from attack. ...
October 9, 2014
National Cybersecurity Awareness Month (NCSAM) – celebrated every October - was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.
September 15, 2014
Personally identifiable information (PII) should only be shared or accessible to those with a need to know. PII includes government email addresses as well as personal email addresses. A best practice when sending emails to a large number of individuals is to use the BCC (blind copy) feature. ...
August 25, 2014
As a result of the implementation of the new Department of Defense Cybersecurity and Risk Management Framework instructions (DoDI 8500.01 and DoDI 8510.01), the term information assurance has been changed to cybersecurity. ...
July 11, 2014
Recent media accounts have reported a breach of the Office of Personnel Management (OPM) network. At this time, neither OPM nor the United States Computer Emergency Readiness Team (US-CERT) has identified any loss of personally identifiable information for any users of OPM's internal or external systems. There is no need for additional action from employees and customers related to this incident.
June 12, 2014
With kids out of school for the summer, it's easy for parents and kids to shift their focus from education to fun. Parents want to make sure their kids are having fun and staying safe at the same time, and this should apply to all activities, from riding bikes, to swimming, to being online. Summer means kids will have more free time, which may mean more time on the computer. June is National Internet Safety Month, a time ...
by Barbara Hoffman - June 9, 2014
It has been a privilege to serve in leadership positions for the Department of the Navy Chief Information Officer, including as Director of both the E-business and Investment Management teams, Principal Deputy for two very talented DON CIOs, and now as the DON CIO (Acting). Our business IT environment has evolved dramatically over this timeframe, in technology advances as well as in operational and fiscal challenges.
May 1, 2014
A significant vulnerability has recently been identified in Microsoft Internet Explorer versions 6 through 11. This vulnerability allows cyber attackers remote access and control of users' systems through websites hosting malicious code. In order to take advantage of this vulnerability, attackers will attempt to lure users to contaminated sites using phishing attacks.
by Robert C. Hembrook - April 11, 2014
Recent news articles have discussed a newly discovered cybersecurity vulnerability given the nickname "Heartbleed." Heartbleed involves the Secure Sockets Layer (SSL), which enables secure transactions across the World Wide Web (e.g., https sites). Without SSL, everything you send over the Internet is sent in clear text, and can be read by anyone on your network. SSL helps encrypt data so that only the sender and ...
May 20, 2013
"Phishing" is a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization via email. "Spear phishing," however, takes this email threat to a new level.
April 9, 2013
National Initiative for Cybersecurity Careers and Studies (NICCS) aims to be a single online resource for cybersecurity education and career information. As part of that effort, NICCS houses a Cybersecurity Education and Training Catalog that allows users to find training they need to advance their careers.
December 3, 2012
The Department of the Navy Chief Information Officer Privacy Office reports that 80 percent of all "high-risk" personally identifiable information (PII) breaches involve the Social Security Number (SSN). Recent DON and Department of Defense policy guidance outlines steps that reduce or eliminate the collection, use, display and maintenance of the SSN in DON business practices. As a result, commands are now authorized to ...
November 19, 2012
The upcoming Thanksgiving holiday marks the beginning of the annual holiday shopping season. Every year, more people turn to the Internet as a way to find bargains and conveniently fulfill their shopping list. Before you start your holiday shopping, remember to make sure security measures are in place and you understand the consequences of your actions and behaviors to safely enjoy the benefits of the Internet.
August 24, 2012
The Information Assurance Scholarship Program (IASP), authorized by Chapter 112 Title 10 United States Code, is designed to increase the number of qualified personnel entering the information assurance (IA) and information technology fields within the Department. It also serves as a mechanism to strengthen the IA infrastructure through grants, while assisting the Department in addressing emerging IA/IT issues, and as a ...
August 24, 2012
Scholarships are being offered for Department of the Navy civilian and military personnel through the Department of Defense Information Assurance Scholarship Program to meet the increasing demand for cyber/information technology professionals with a cybersecurity/information assurance (CS/IA) focus. These scholarships for master's and doctorate level work cover the cost of tuition, fees, and books. They can be used for ...
May 30, 2012
The Department of Defense Chief Information Officer has announced a decision to cease the issuance of software Public Key Infrastructure (PKI) certificates to its "Five Eyes" (FVEY) partner nations (Australia, New Zealand, Canada and the United Kingdom). A memo released on May 8, 2012, states that starting May 31, 2012, the FVEY partner nations that interact with the DoD on the Nonsecure Internet Protocol Router Network ...
May 11, 2012
The Navy Marine Corps Intranet (NMCI) continues to improve its security profile by increasing the use of smartcard credentials for network authentication. The network has established interoperability with Personal Identity Verification (PIV) smartcards issued by non-Department of Defense agencies and departments. ...
by Gretchen Kwashnik - January 17, 2012
The federal government's "cloud first" policy, as part of the Federal Chief Information Officer's "25 Point Implementation Plan to Reform Federal Information Technology Management," requires federal agencies to consider cloud computing before making new IT investments and to move at least three applications to the cloud by May 2012.
by Steve Muck - January 12, 2012
The following is a recently reported personally identifiable information (PII) data breach involving the posting of a large number of documents containing PII on an activity's shared drive. Incidents such as this will be reported in CHIPS magazine to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy ...
by Jessica Pelenberg - November 18, 2011
As the quest for cost saving efficiencies rages on, three government officials spoke about the challenges their organizations are facing and their plans to tackle them at the Fifth Annual C5ISR Government and Industry Partnership Conference held Nov. 16, in Charleston, S.C.
by Jennifer M. Ellett - October 27, 2011
Certification and accreditation (C&A) transformation is an initiative to align processes, terminology and frameworks for assessing information security risk across all federal agencies, including the defense and intelligence communities. This effort will provide efficiencies, standardization and support to reciprocity.
by Steve Muck & Steve Daughety - October 27, 2011
The following is a recently reported personally identifiable information (PII) data breach involving a Department of the Navy support contractor who improperly handled PII. Incidents such as this will be reported in CHIPS magazine to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the DON Chief Information Officer Privacy Office.
by Mike Hernon - October 27, 2011
The Department of the Navy anticipates that personnel will begin teleworking in significant numbers when a new telework policy is released shortly. As a result, there will be explosive growth in the number of users who need to connect to the Navy Marine Corps Intranet and other government networks from remote locations, primarily from a home office, but also from other locations via cellular or Wi-Fi networks.
by Floyd Groce and Karen M. Davis - August 15, 2011
As all personnel within the Department of Defense and across the federal government are well aware, this is an era of increased budget scrutiny. However, with this scrutiny comes a new opportunity to assess and advance how DoD operates and to improve efficiency across a wide variety of business units and operations. As a significant budget item, the massive information technology infrastructure is no exception and offers ...
by Terry Halvorsen - July 27, 2011
The Department of the Navy must change the way it manages its business information technology (IT) systems. It is the reality of these fiscally constrained times; and frankly, it is the right thing to do as good stewards of taxpayer money.
by DON CIO Privacy Team - July 18, 2011
The purpose of this tip is to reinforce existing DON policy regarding digitally signing and encrypting emails that contain personally identifiable information (PII).
July 7, 2011
The Department of the Navy Chief Information Officer released guidance directing the Department's migration to the use of a stronger cryptographic hash algorithm in data security authentication procedures such as CAC logon and digital signatures.
by Terry Halvorsen - May 4, 2011
Why is the Department of the Navy aggressively pursuing information technology efficiencies? There are a number of contributing factors that led to the recent focus on efficiencies, but the primary catalyst is the realization by Department of Defense and DON leadership that from a fiscal perspective we cannot continue to do business the same old way, or it will adversely affect our ability to direct necessary resources ...
March 28, 2011
Three information technology leaders from the Department of the Navy were among this year's Federal 100 Award winners. Federal Computer Week magazine presents the award to 100 professionals from government, industry and academia who have played pivotal roles in affecting how the Federal Government acquires, develops and manages IT.
by Steve Muck - February 7, 2011
Human error is the cause of 80 percent of the DON's PII breaches. Not knowing or not following guidance, or just being careless can result in the unintended disclosure of privacy sensitive information and potentially adversely affect many personnel.
October 29, 2010
The Department of Defense Deputy Chief Information Officer recently published a memo for Department-wide distribution on DoD acceptance and use of qualified Personal Identity Verification-Interoperable (PIV-I) credentials for access to DoD logical and physical resources.
August 30, 2010
The Department of the Navy Chief Information Officer has signed out SECNAVINST 5239.21: "Department of the Navy Electronic Signature Policy," making electronic signatures the preferred means of conducting business transactions within the Department.
July 8, 2010
To ensure continuous oversight and sustainment of the Information Assurance Workforce Improvement Program, the Department of the Navy signed out a new instruction that further defines cybersecurity and information assurance workforce management and assigns compliance responsibilities.
by Mike Hernon, Tony Soules and Bob Turner - May 22, 2010
Not a week goes by without an inquiry to the Department of the Navy Chief Information Officer or the Navy or Marine Corps Designated Approving Authority (DAA) regarding the desire to bring a commercial wireless device, usually a BlackBerry, into restricted areas where classified information is discussed, stored or otherwise processed.
by James Mauck - May 18, 2010
The Secretary of Defense has embraced public key cryptography as a critical component of defense-in-depth and contributor to the overall Department of Defense information assurance (IA) strategy for protecting its information and networks. DoD Instruction 8520.2, "Public Key Infrastructure (PKI) and Public Key Enabling (PKE)" establishes the requirements for PK-enabling all email, private web servers and networks.
by Christopher Perry - May 18, 2010
Achieving and maintaining information dominance will require continuous and timely advances in both technology and operational processes. Cloud computing is one such rapidly emerging area of technology and operations that the Department of the Navy is already planning for and beginning to pilot. To achieve information dominance, it is vital that all new technologies and processes, such as cloud computing, be thoroughly ...
May 5, 2010
As a result of lessons learned during the first year of its execution, the Department of the Navy Platform Information Technology (PIT) policy has been updated to include several key provisions.
by Steve Muck - March 8, 2010
The following is a recently reported compromise of personally identifiable information (PII) involving the disposal of copiers containing personal information stored on their hard drives. Incidents such as this will be reported to increase PII awareness. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.
by Mike Hernon - March 4, 2010
For years now, Navy Marine Corps Intranet (NMCI) users have jealously eyed the laptop-wielding, Wi-Fi-connected masses in coffee shops, hotels and airports as they turned idle time into productive time. Barred from full network access, NMCI users on the go had to settle for cellular phones, air cards and Outlook Web Access to provide mobile support. While these capabilities provide some fairly productive mobility tools, ...
by Sonya Smith - February 26, 2010
The December 2008 report written by the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency, "Securing Cyberspace for the 44th Presidency," began with one central finding: "The United States must treat cybersecurity as one of the most important security challenges it faces."
by DON CIO Privacy Team - February 25, 2010
The Department of the Navy, Department of Defense and Office of Management and Budget (OMB) have mandated the protection of data at rest (DAR) on all unclassified network seats/devices. NMCI is implementing a solution using GuardianEdge Encryption Anywhere and Removable Storage software to meet these requirements. All data in computer storage as well as data written to a removable storage device will be encrypted. This ...
February 17, 2010
Ten information technology leaders from the Department of the Navy were among this year's Federal 100 Award winners. Federal Computer Week magazine presents the award to 100 professionals from government, industry and academia for their efforts in effecting change, progress and efficiency in determining how the Federal Government acquires, develops and manages IT.
by DON CIO Privacy Team - January 1, 2010
ALNAV 070/07 Department of the Navy Personally Identifiable Information (PII) Training Policy states that, "Commanders/Commanding Officers/Officers in Charge will ensure that supervisors conduct a spot check of their assigned area of responsibility, focusing on those areas that deal with PII on a regular basis (e.g., human resources, personnel support, medical, etc.)." The ALNAV also states that the compliance spot check ...
December 28, 2009
The Department of the Navy Chief Information Officer team is mourning the loss of their esteemed colleague Dr. Richard W. Etter, who served more than 34 years in the Department of the Navy, most recently as the DON CIO Director of Cybersecurity and Critical Infrastructure and the DON Deputy Senior Information Assurance Officer for Computer Network Defense. Dr. Etter died of a heart attack Monday, Dec. 21, 2009, while at ...
by Steve Muck - November 29, 2009
The following is a recently reported compromise of personally identifiable information (PII) involving the theft of storage media containing personal information. Names have been changed or removed, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.
by Christy Crimmins - November 17, 2009
The use of social media has become a popular topic within the Department of the Navy, Defense Department and across the federal government. As agencies begin to venture into this media, whether it is creating an agency Facebook page or updating constituents via Twitter, precautions must be taken and risks should be assessed. While these tools open up many avenues for broader communication and collaboration, they also ...
by Mike Hernon and Bob Turner - November 12, 2009
Delivering a robust enterprise mobility capability to the Department of the Navy workforce requires leveraging various wireless tools at our disposal. One such tool, Short Message Service (SMS), or text messaging, is often overlooked but can provide significant benefits when used appropriately.
by DON CIO Privacy Team - November 4, 2009
A successful command privacy program must include an aggressive records review and disposal component. While hard copy files cannot be ignored, the volume of electronic data files is a much larger issue and must be aggressively addressed by local commands/units.
by DON CIO Privacy Team - October 6, 2009
Two recent personally identifiable information (PII) breach incidents involving the turn in of reproductive office equipment highlight the fact that many people do not know that copiers and printers present information security challenges.
by Tom Kidd - August 19, 2009
Whether wireless voice, video or data, the number of wireless applications are increasing. Wireless capabilities can be as simple as a wireless doorbell system or as complex as a naval unmanned aerial system providing real-time intelligence to forward-deployed Marines and Sailors. While the use of wireless systems is certainly advantageous for mobile requirements, wired systems retain a number of inherent benefits for ...
August 3, 2009
The Department of Defense has recently published the DoD Information Systems Certification and Accreditation (C&A) Reciprocity Memo signed by the DoD Principal Accrediting Authorities - senior officials who represent the interests of the Global Information Grid Mission Areas for C&A.
June 26, 2009
SECNAVINST 5239.3B: "DON Information Assurance Policy" was recently signed establishing IA policy for the Department of the Navy consistent with national and Department of Defense policies. With its 56 references, it provides IA policy for the Department over a broad spectrum, and assigns responsibilities in the DON for developing, implementing, managing and evaluating DON IA programs, policies, procedures and cont
June 19, 2009
Dr. Richard W. Etter, deputy senior information assurance officer, discusses how the Computer Network Defense (CND) Roadmap highlights the direction the Department of the Navy is heading in terms of future CND capabilities in this recent Washington Technology eSeminar. He also discusses the Department's goal to be more advanced, persistent and sophisticated with the CND t
by DON CIO Privacy Team - June 1, 2009
Why should you protect your personal information? To an identity thief, it can provide instant access to your financial accounts, your credit record and your other personal assets. If you think that no one would be interested in your personal information, think again.
May 26, 2009
The Department of the Navy Chief Information Officer recently signed the DON Information Assurance and Certification and Accreditation Concept of Operations (CONOPS).
by DON CIO Privacy Team - May 1, 2009
As cell phones and personal digital assistants (PDAs) become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.
by Steve Muck - April 22, 2009
The following is a recently reported compromise of personally identifiable information (PII) involving the transmission of an un-encrypted e-mail which contained National Security Personnel System (NSPS) performance ratings of employees within a Navy region. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.
by DON CIO Privacy Team - March 6, 2009
If the Department of the Navy eliminated the use of Social Security numbers (SSN) from email, forms, documents and electronic information technology systems, 80 percent of the personally identifiable information (PII) breaches reported in 2008 would never have occurred. The March Privacy Tip of the Month explores the relationship between SSNs and identity theft. It also provides approaches to reducing the display, ...
by Steve Muck - February 20, 2009
The following is a reported loss or breach of personally identifiable information (PII) involving a Department of the Navy information system with lessons learned from the event. Names have been changed or removed, but details are factual and based on reports sent to the DON Privacy Office.
February 2, 2009
The Department of the Navy enterprise solution for protection of sensitive Data at Rest (DAR) on non-NMCI assets is now available. Implementation of this solution enables compliance with DoD and DON requirements associated with protection of personally identifiable information (PII) and other types of sensitive DAR on mobile computing devices and portable storage media.
by DON CIO Privacy Team - February 1, 2009
During the past year, the Department of the Navy has experienced problems relating to turning in excess information technology and office equipment that contain personally identifiable information (PII).
January 13, 2009
The Department of the Navy released its Federal Information Security Management Act (FISMA) Goals for FY09 in Naval message DTG 081605Z JAN 09. This Naval message provides requirements for individual systems to achieve and maintain 100 percent compliance with the required certification and accreditation, annual security review, annual testing of security controls, and annual evaluation of contingency plans.
January 9, 2009
In light of the increased reliability on information systems and an increased visibility of cyber security and number of attacks on systems, the criticality of consistent and thoughtful risk management has been recognized by senior leaders throughout the government.
January 1, 2009
During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. The December 2008 Privacy Tip focused on how thieves steal identities, what they do with the personal information they obtain, and general information about identity theft. This Privacy Tip is reproduced from Department of Justice guidance found on its
December 1, 2008
During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. This Privacy Tip focuses on how thieves steal identities and what they do with that personal information, as well as general information about identity theft.
November 1, 2008
As outlined in a recently published memo, the Department of the Navy endorses the secure use of Web 2.0 tools to enhance collaboration, streamline processes and foster productivity.
by Yuh-Ling Su - October 29, 2008
Process and Security Improvements Under DIACAP
On November 28, 2007, the most significant change in security policy in 10 years occurred when the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) replaced the DoD Information Technology Security Certification and Accreditation Process (DITSCAP).
The Department of the Navy commenced full transition to DIACAP on March ...
September 8, 2008
The U.S. General Services Administration awarded Blanket Purchase Agreements (BPAs) to assist Federal agencies in protecting the confidentiality of personal credit and payment information, as well as providing a fast and effective solution for Federal agencies needing commercial-off-the-shelf credit monitoring services, according to its web site.
September 1, 2008
Recent personally identifiable information (PII) breach reports highlight the need to conduct searches of shared drives throughout the Department to protect employees’ personal information and reduce the risk of identity theft. PII is found most often in documents related to awards, medals, legal issues, medical records and financial data.
by Steve Muck - August 6, 2008
The following is a synopsis of a recently reported loss or breach of personally identifiable information (PII) that highlights common mishandling mistakes made by individuals within the Department of the Navy.
Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.
August 1, 2008
Peer-to-Peer (P2P) networks, which link computers directly, allowing users to swap digital movies, music and files with other users without centralized security controls or oversight.
July 28, 2008
The recently released Department of the Navy Cyber Crime Handbook provides an overview of the definitions, criminal techniques, electronic laws, incident reporting and responses regarding cyber threats to DON personnel and the Department's global network infrastructure.
July 21, 2008
The DON DoD Information Assurance Certification and Accreditation Process (DIACAP) Handbook provides a comprehensive guide for executing certification and accreditation (C&A) processes within the Department of the Navy.
July 11, 2008
An enterprise solution to encrypt DON data-at-rest (DAR) for non-Navy Marine Corps Intranet (NMCI) networks is anticipated to be available this fall from the Department of Defense Enterprise Software Initiative/SmartBUY Enterprise Software Agreements.
July 1, 2008
Phishing is a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization. Examples of such practices include manipulated emails that appear to be from the Department of the Navy, Navy Federal Credit Union, Navy Knowledge Online or other recognizable contacts.
June 13, 2008
Whether due to carelessness or theft, the loss of laptops and other portable electronic devices (especially thumb drives), continues to be one the top contributors to the loss of personally identifiable information (PII).
June 9, 2008
The International Association of Privacy Professionals' (IAPP) mission is to define, promote and improve the privacy profession globally and is the world's largest association of privacy professionals representing more than 5,000 members from business, government and academia across 32 countries. It is the first organization to establish educational and testing credentials for information privacy, i.e., the Certified ...
by Steve Muck - May 14, 2008
The following synopsis of a recently reported loss or breach of personally identifiable information (PII) highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy office.
May 13, 2008
From FBI.gov
The scenario: You are at the airport waiting for your flight. With time to kill, you are thinking of connecting your laptop to the airport’s Wi-Fi to check your office e-mail, do some personal banking or shop for a gift for your spouse.
However, chances are there is a hacker sitting nearby with a laptop attempting to “eavesdrop” on your computer to obtain personal data that will provide access to ...
April 1, 2008
An instruction that establishes the Department of the Navy’s Computer Network incident response and reporting policy was recently signed out by the DON Chief Information Officer.
by Steve Muck - February 8, 2008
The following is a synopsis of a recently reported loss or breach of personally identifiable information (PII) that highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.
February 15, 2019
Conference sessions will be available via dial-in for those who want to participate from remote locations. The line will be muted by default, pressing *6 will unmute and mute your line. Please check back before the start of each session as numbers may change throughout the day.
by DON Privacy Team - January 25, 2019
The attached resource is provided for labeling CDs containing personally identifiable information (PII).
January 8, 2019
Section 208 of the E-Government Act of 2002 establishes government-wide requirements for conducting, reviewing and publishing Privacy Impact Assessments (PIA). The PIA directs agencies to conduct reviews of how privacy issues are considered when creating or purchasing new information technology (IT) systems or when initiating new electronic collections of information in identifiable form. A PIA addresses privacy factor
December 12, 2018
Q&A with Under Secretary of the Navy Thomas B. Modly, Department of the Navy CIO and CMO
Under Secretary of the Navy Thomas B. Modly
Department of the Navy Releases Business Operations Plan to Further Reforms
Office of the Navy Chief of Information
November 27, 2018
This document attempts to address the common issues encountered as a privacy impact assessment moves its way through the review and approval process. Consider this a "living" document and help us improve its content and usefullness.
by DON CIO Privacy Team - September 11, 2018
The following is a list of topics with questions that are frequently asked of the Department of the Navy Chief Information Officer Privacy Team. Responses have been provided and, in many cases, there are added references to the guidance that is cited. Please provide the Privacy Team additional questions so they may be added to the list.
July 18, 2018
DoD Bans Use of GPS-Capable Devices in All 'Operational Areas'
CHIPS Magazine
Promoting a New Era of Electromagnetic Spectrum Repurposing
Shameeka Hunt
Marines Test Future of W
May 22, 2018
The following breach-related resources are provided to aid in reporting the loss or suspected loss of personally identifiable information (PII).
by DON CIO Privacy Team - April 19, 2018
The Department of the Navy Users Guide to Personally Identifiable Information (PII) is provided as a convenient desk reference that can be printed as a brochure and distributed to increase awareness throughout the Department.
January 1, 2018
Is my name considered personally identifiable information?
Don Free, DON CIO Privacy Office DON Privacy Team
Rear Adm. Danelle Barrett, Navy Cyber Security Division Director
CHIPS Magazine Staff
DON Enterpri
by DON CIO Privacy Team - December 19, 2017
The following resources are provided to support the Department of the Navy's annual privacy training and semi-annual compliance spot-check requirements. Note: The GENADMIN (DTG 181905Z DEC 08) training requirement supercedes the ALNAV 070/07 training requirement. The compliance spot check requirements of the ALNAV remain in effect.
December 11, 2017
The DON Cyber Glossary was developed by OPNAV N2N6 and coordinated with the DON CIO and US Marine Corps C4 Cybersecurity directorates. This useful glossary provides valuable information and defines significant cybersecurity terminology.
December 8, 2017
Thank you for visiting the website of the Department of the Navy Chief Information Officer. The DON CIO provides policy and guidance on information management and information technology/cybersecurity to the Department of the Navy.
Please review the below frequently asked questions before submitting questions via "Contact Us." We have included answers to the most common cybersecurity questions.
After ...
December 8, 2017
The following is a list of topic areas and frequently asked questions relating to those topics. After review, if you still have an unanswered question, please feel free to submit it to Contact Us. (Submissions are limited to 1,500 characters. Please allow 3-5 business days for response from the DON CIO team.) You can also use the Search tool at the top of the page to find answers quickly.
October 30, 2017
Navy’s High Risk Escalation Process Continues to Evolve
Paul Harig and Tony Plater
Get FIT for RMF
Charles Hester and Carl Rice
DON Enterprise Software Agreements
DoD ESI Navy Software Program Manag
September 14, 2017
The new Department of Defense Privacy Impact Assessment Template has been published and is available for use. The link provides access to the fillable PDF version of DD FORM 2930 on the DoD forms website.
by DON CIO Privacy Team - September 14, 2017
The following resources are provided to assist with the privacy impact assessment submission process.
July 25, 2017
Useful resource guide for the Department of the Navy Cyber IT and Cybersecurity Workforce. The guide includes DON, Navy, and USMC Cyber IT and Cybersecurity Workforce points of contact and links to training and information for the DON Cyber IT and Cybersecurity Workforce qualification program.
July 24, 2017
DON CIO Establishes DON IT Capability Priorities Process
Anna Tarrant, DON CIO Financial Analyst
Smishing – The Latest Scam to Obtain Personal Data
DON Privacy Team
Building a Highly Skilled Risk Management F
May 12, 2017
The DON Privacy Quiz highlights basic personally identifiable information (PII) knowledge and policy information that all DON personnel should be familiar. It is recommended that command/unit privacy officials use this quiz (attached below) as a training aid that can be specifically tailored to local use. Please provide feedback on how to make this a better tool by submitting your comments to the DON CIO Privacy Team via ...
by DON CIO Privacy Team - December 15, 2016
The following privacy presentations are provided for reference and use in developing future presentations and briefings.
November 2, 2015
The Department of the Navy Chief Information Officer has created press-quality posters to help communicate the importance of protecting and properly handling personally identifiable information (PII).
September 23, 2015
When DoD adopted the NIST control catalog (NIST SP 800-53) and published the baselines, the DoD provided values for many of the NIST controls that had organizationally defined values; however, they determined that some values should not be determined at the DoD Enterprise level. This spreadsheet was developed by the DON CIO, in coordination with the DON services, to recommend the roles within the DON that make the value ...
May 21, 2015
The DON Cloud Security Information Impact Level Matrix is intended to assist Mission Owners/Program Managers in determining security information impact levels as they apply to appropriate hosting environments.
by DON CIO Privacy Team - March 24, 2014
The personally identifiable information (PII) brief attached below was presented at the Department of the Navy IT Conference, West Coast 2014 and is provided as a reference and for use in developing other PII presentations.
February 21, 2013
The Department of the Navy Information Technology Policy Roundup for fiscal year (FY) 2013 provides a summary of policies affecting IT projects and programs. For more detail, please review the entire policy at the links provided.
September 13, 2012
This toolkit assists individuals in developing, tracking, and managing their careers and facilitates competency management for the information management/information technology and knowledge management (KM) professional at the organizational level.
January 20, 2012
This checklist is an internal Department of the Navy document to be used by command leadership to assess the level of compliance in the handling of personally identifiable information as delineated by law and/or specific DoD/DON policy guidance. As commands adapt this checklist for their own use, their checklists will be posted here as a resource for others.
by DON CIO Privacy Team - August 5, 2010
The following guidelines are provided for the proper destruction of Department of the Navy hard drives.
August 20, 2009
Following the July release of Assistant Secretary of Defense (Networks and Information Integration) Directive-Type Memorandum (DTM) 08-027: "Security of Unclassified DoD Information on Non-DoD Information Systems," many questions have arisen concerning the requirements for this DTM. Below is a list of the most commonly asked questions and their answers.
by DON CIO Privacy Team - June 23, 2009
Welcome to the Department of the Navy Chief Information Officer Privacy Team recommended reading list. This list will be periodically updated.
by DON CIO Privacy Team - June 19, 2009
The identity theft brief attached below was presented at the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PII presentations.
by DON CIO Privacy Team - June 19, 2009
The Privacy Impact Assessment (PIA) brief attached below was presented during the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PIA presentations.
March 2, 2009
An Office of Management and Budget (OMB) Information Collection Number is required when collecting information from 10 or more members of the public in a 12-month period and is used in completing the Privacy Impact Assessment (PIA) Template.
February 6, 2009
The Platform Information Technology (PIT) Determination Checklist is provided to assist acquisition program managers in assessing the characteristics of a proposed IT system or component to determine if it is a Platform IT candidate and, therefore, subject to information assurance implementation.
Note: Two versions of the PIT checklist are posted below. The "pdf" version is for manual submission; the "doc" version ...
January 20, 2009
The attached brief provides background information, the resultant responses and best practices developed by the Bureau of Naval Personnel related to the sensitivity to the loss of personally identifiable information of DON personnel. Also attached is a transcript from the presentation.
December 19, 2008
In addition to the privacy resources and information available on the DON CIO website, the following list of websites provide further information on privacy and identity theft prevention.
August 15, 2008
Commands reporting a loss or suspected loss of personally identifiable information (PII) will be contacted by the Department of the Navy Chief Information Officer Privacy Team to determine if individual notifications are required. The decision to notify will be based on the nature of the PII compromised and the resultant level of risk of identity theft. If the command is faced with notifications and cannot locate the ...
July 22, 2008
The DON Table of Potential Consequences and Penalties for the Mishandling/Improper Safeguarding of PII was developed with legal assistance from the Department of the Navy’s Office of Civilian Human Resources and its Workforce Relations and Compensation Division, the Office of the Judge Advocate General, and the Office of the DON CIO.
July 10, 2008
The Department of the Navy Cyber Crime Handbook contains an overview of the definitions, criminal techniques, electronic laws, incident reporting and responses regarding the cyber threats to Department personnel and the global infrastructure we rely on.