SECURITY POLICY PROJECT

profilelindasa
DoDCompliantPolicies.docx

Running Head: DOD 1

DOD 4

DoD Compliant Policies

Name

Institution

Professor

Course

Date

· DoD has various recognized practices, policies and procedures related to its logical access controls, that constitutes of multifactor authentication, license and software inventories, tracking and potentials for detecting threats plus the information security requirements for the givers of third-party service.

· DoD instruction 5200.01 – establishes primary security policies, provides a high level framework for the national adaptation of DoD policy on the national security classified data (Bennett, et.al, 2019).

· DoD has logical access policies, inclusive of ones requiring usage of multifactor authentication. Logical access require users to validate their identity through utilization of personal identification numbers, common cards of access, the 10biometric data or the security tokens.

· DoD Instruction 8580.02 – it is the personal identifiable health information security in the August 12, 2015 DoD healthcare programs. It permits access to electronically protected health information to users only on the not need-to-know basis. In addition, it requires the user to possess the required clearance before gaining access into the health information that is secured. .

· DoD instruction 8582.01 – safety of the unclassified DoD data on non-DoD data systems, June 6th, 2012. It requires the unclassified DoD data possessed or controlled by these non-DoD entities to get protected by a physical barrier or just a chosen electronic such as the logical authentication.

· DoD instructions 8500.01 – requires DoD to implement system security controls that have been designed by the National Institute of Standards and Technology.

· DOD-UIS-00143: Version 1.1 – is the National Industrial Security Program Enterprise Wide Area Network, a concept allowing the NISP participants to design plus develop a business WAN. It should operate alongside maintaining the NISP system under a unique Authorization to Operate (Bergquist, 2020). The cleared industry firms attempting to design and create the NISP eWAN should ensure they meet particular adopted criteria for owning and operating the eWAN. After proving the eligibility, the organization should ensure it offers a NISP proposal for the same NISP to the NISP authorization office, Defense Security Service.

References

Bennett, G., Forsythe, B., Kelleher, S., & Barborak, G. (2019). Air Force Remote Special Testing and Data Management System Implementation Plan. BAM Technologies.

Bergquist, C. A. (2020). Contract Data Requirements List (CDRL) Best Practices. Defense Acquisition University.