Building, operating and securing the Global Information Grid (GIG) for the Department of Defense is a complex and ongoing challenge. To meet this challenge, a wide range of directives, instructions, manuals and other policies has been published. Unfortunately, the breadth and scope of these policies is such that being able to locate the appropriate policy and the latest version of that policy is not always easy. To make that a little easier for DoD’s information assurance (IA) professionals, the Deputy Assistant Secretary of Defense (DASD) for Cyber Identity and Information Assurance (CIIA) requested the Defense-wide Information Assurance Program (DIAP) develop a chart that pulled together all of the IA policies into a single document. That chart appears below. It was inspired by the creation of a similar Acquisition Security Policy Chart by the Office of the Under Secretary of Defense for Acquisition, Technology & Logistics. The goal of the IA Policy Chart is to capture the tremendous breadth of applicable policies, some of which many IA practitioners may not even be aware, in a helpful organizational scheme. The use of color, hatching, fonts and hyperlinks are all designed to provide additional assistance to IA professionals navigating their way through policy issues in order to build, operate and secure the GIG.
Navigating around the IA Policy Chart: Essentially, the Chart is designed around the four CIIA goals [1) Operate 2) Enable 3) Anticipate and 4) Prepare]:
- Organize for unity of purpose and speed of action (shortened to “Organize” in the chart).
- Enable secure mission driven access to information and services (shortened to “Enable” in the chart).
- Anticipate and prevent successful attacks on data and networks (shortened to “Anticipate” in the chart).
- Prepare for and operate through cyber degradation or attack (shortened to “Prepare” in the chart).
These four goal areas are subdivided into activities supporting each goal. On the left hand side of the chart is a legend that identifies the originator of each policy by a color-coding scheme. On the right hand side of the IA Policy Chart, there are boxes, which cover the legal authority for the policies, the federal/national level of IA policies, as well as operational level documents that provide details on securing the GIG and its assets. Links to these documents can be found in the Chart.
Click on the chart preview to download the full PDF file with links to all policies:
Because IA Policy development is a wide-ranging and ongoing process, we ask for input from all who download this chart, advising us of any policies that may have been overlooked, but should be included. In addition, we ask for any policy updates that may not be properly reflected on the IA Policy Chart or any suggestions to improve the chart. Please send suggestions, comments or questions about the chart to [email protected]. If you have questions about the content of any particular policy, please contact the POC for that policy directly.
