ARMY NATIONAL GUARD INFORMATION ASSURANCE PROGRAM POLICY
- 52 pages
- For Official Use Only
- January 31, 2007
This Policy provides Information Assurance (IA) policies and mandates procedures for implementing the Army National Guard (ARNG) IA Program. The ARNG IA program will implement the Department of Defense (DoD) IA program, DoD Instruction (DoDI) 8500.2, “Information Assurance Implementation,” IAW Army Regulation (AR) 25-2, “Information Assurance,” chapter 1 g-8, to support the DoD Information Management Strategic Plan (IMSP). This Policy supports the Federal Information Security Management Act (FISMA) 2002 and any other federal guidelines as needed, and shall be consistent with today’s technological advancements, in a generic fashion to avoid dependency on specific technology.
This Policy shall:
• Establish policies and assign responsibilities for achieving acceptable levels of Information Assurance in engineering, implementation, operation, and maintenance for all information systems connecting to all ARNG Networks, to include GuardNet Wide Area Network (WAN).
• Provide administrative and systems security requirements, including those for interconnected systems.
• Define and mandate the use of risk assessments and the DoD Defense in Depth Strategy.
• Use the principle of least privilege to ensure that users and administrators get only the access that they require.
• Describe the roles and responsibilities of the individuals who constitute the Information Assurance security community and its users, and outline training and certification requirements IAW DoDI 8500.2, DoDI 8570.1, and AR 25-2.
• Require a life-cycle management approach to implementing Information Assurance requirements and require the implementation of a configuration management process IAW AR 70-1.
• Establish a procedure to document the status of generic accreditations for all information systems fielded by the ARNG.
• Establish requirements to ensure that ARNG Designated Approving Authorities (DAAs) meet the system accreditation requirements of this Policy before fielding or testing any system that requires connection to ARNG Networks IAW DoD Directive (DoDD) 8500.1, DoDI 8500.2, DoDI 5200.40, and AR 25-2.
For the purpose of this Policy, the following terms all refer to the Joint Forces Headquarters J-6 (JFHQ J-6) of each State and/or Territory: Director of Information Management (DOIM), Deputy Chief of Staff for Information Management (DCSIM), Chief Information Officer (CIO), or other term used to refer to the Director of Information Management within your State and/or Territory.