DON CIO Guidance - October 10, 2012
The Department of the Navy Chief Information Officer Acquisition Information Assurance Strategy (AIAS) Guidance has been updated to conform to the latest Department of Defense guidance for submission of AIAS's to support the Clinger-Cohen Act and SECNAVINST 5000.2E. This document provides guidance on development and submission of the AIAS to support system acquisition.
SECNAVINST 1543.2 - December 19, 2012
The purpose of this instruction is to establish policy and procedures for Department of the Navy cyberspace/information technology(IT) workforce (WF) professional development through a continuous learning program (CLP). The CLP requires 40 hours per year of education, training, certification and other activities that support the sustainment and continued improvement of the capabilities of the DON Cyberspace/IT WF.
DTG 281759Z AUG 12 - August 29, 2012
The purpose of this coordinated Department of the Navy Chief Information Officer, DON Deputy CIO (Navy), DON Deputy CIO (Marine Corps), and DON Information Security Program Authority message is to update policy for the disposal and mandatory physical destruction of electronic storage media.
DoD CIO Memo - May 29, 2012
The Department of Defense requires its "Five Eyes" (FVEY) partner nations (Australia, New Zealand, Canada, and the United Kingdom) to use Public Key Infrastructure (PKI) for secure communication with DoD personnel on the Nonsecure Internet Protocol Router Network (NIPRNet), and authentication to DoD NIPRNet websites. In February 2006, the FVEY partner nations signed an Annex to the Combined Joint Multilateral Master ...
DON CIO Memo - November 20, 2012
To maintain security and facilitate the support requirements of the Department's General Officer (GO)/Flag Officer (FO)/Senior Executive Service (SES), the issuance of Alternate tokens to GO/FO/SES personnel and their designated staff is permitted.
DON Performance Plan - October 4, 2012
This plan details the Department of the Navy's continued efforts to reduce the Navy's overall data center footprint, deliver cost and environmental efficiencies and increase the overall information technology security posture while ensuring Navy and Marine Corps warfighting capability remains strong. This effort aligns directly with the Office of Management and Budget Federal Data Center Consolidation Initiative and the ...
SECNAVINST 5720.44C - June 15, 2012
The purpose of this instruction is to provide basic policy and regulations for carrying out the public affairs and internal relations programs of the Department of the Navy.
DON CIO Memo - February 9, 2012
This memo details new ways to satisfy operating system/computing environment certification requirements for the Cybersecurity Workforce.
DON CIO Memo - February 10, 2012
This memo formally establishes Department of the Navy Cyber Range guidance. The Cyber Range provides an operationally realistic environment to support exercises, training, testing and evaluation with no risk to operational networks.
CJCSI 6211.02D - December 18, 2007
This instruction establishes policy, responsibilities and connection approval process for sub networks of the Defense Information System Network (DISN).
DTG 031648Z Oct 11 - October 4, 2011
This message outlines acceptable use standards when using Department of the Navy information technology resources for official and authorized unofficial purposes.
DoD Guidance - January 13, 2012
This document provides an outline, content and formatting guidance for the Program Protection
Plan (PPP) required by DoDI 5000.02 and DoDI 5200.39. The outline structure and tables are
considered minimum content that may be tailored to meet individual program needs.
The guidance is based on the July 18, 2011, memo, "Document Streamlining -- Program Protection Plan," which can be found on the first page of the ...
DON CIO Memo - July 1, 2011
This memo provides the Department of the Navy with execution guidance in response to Department of Defense (and Federal Government) direction to migrate to the use of a stronger cryptographic hash algorithm for network security (authentication activities including CAC logon and digital signatures).
UNSECNAV Memo - May 13, 2011
The purpose of this memo is to establish a common enterprise approach between the functions of the DON CIO and the Navy and Marine Corps. This renewed approach is designed to strengthen the integration and success of the Department's IM, IT (to include national security systems) and cyberspace (excluding intel, attack and exploit), and information resource management operations, procurement and business processes.
DON CIO Memo - May 4, 2011
The DON Information Management/Information Technology/Cyberspace Campaign Plan for Fiscal Years 2011-2013 outlines the IM/IT/cyberspace and IRM priorities of the Department of the Navy for the next 24 months. Throughout this period, the DON will retain the flexibility to respond to emerging challenges and opportunities; therefore, the plan is a living document, which will incorporate feedback and updates as necessary.
DTG 211312Z APR11 - April 21, 2011
This Naval message updates guidance for requesting public key enablement waivers through the Department of Defense Information Technology Portfolio Repository-DON. While the requirement for a waiver for a system that is not public key enabled has not changed, the process was incorporated into the DON Enterprise Architecture compliance assessment.
DON CIO Memo - March 16, 2011
This memo provides additional guidance for the commercial certification compliance process and corrective actions for civilian personnel who fail to meet DON Information Assurance Workforce Improvement Program requirements.
UNSECNAV Memo - December 9, 2010
This memo addresses information technology/cyberspace efficiency initiatives and realignment in the Department of the Navy. It underscores the challenge by the Secretary of Defense to think about the DON's approach to IT initiatives and to centralize and consolidate efforts where it makes sense. This memo directs the DON Chief Information Officer to take the lead for the Department for this endeavor, noting that it is a ...
DoD CIO Memo - October 27, 2010
This Department of Defense Deputy Chief Information Officer memorandum establishes the DoD's position on acceptance and use of qualified Personal Identity Verification Interoperable (PIV-I) credentials for access to DoD logical and physical resources. Where appropriate, DoD relying parties (e.g., DoD installation commanders or information systems owners) should accept electronically validated PIV-I credentials for ...
DTG 091446Z SEP 10 - September 10, 2010
This message announces the termination of the contract to obtain a Department of the Navy enterprise level commercial off-the-shelf Defense Information Assurance Certification and Accreditation Process tool.
SECNAVINST 5239.21 - August 30, 2010
This policy establishes electronic signature policy for the Department of the Navy consistent with Federal and Department of Defense legislation and policies. This policy is not a mandate to replace handwritten signatures with electronic signatures but rather is a policy to adopt electronic signatures as the preferred means of conducting business transactions within the DON.
DTG 192014Z AUG 10 - August 23, 2010
The purpose of this Naval message is to reinforce how personnel store and distribute national security information (NSI), as well as to remind personnel of their responsibility to safeguard NSI commensurate with level of classification until the information is declassified by the appropriate original classification authority.
DON Guidance - October 24, 2011
The DON Cyber/IT Workforce Strategic Plan FY 2010 - FY 2013 establishes the Department of the Navy's priorities for ensuring workforce excellence. It identifies the goals and objectives that will allow the DON to recruit, manage, develop, sustain and retain a talented workforce.
SECNAVINST 5239.20 - June 23, 2010
This instruction serves to establish policy and assign responsibilities for the administration of the Department of the Navy (DON) Cybersecurity (CS)/Information Assurance Workforce (IAWF) Management Oversight and Compliance Program.
DON CIO Guidance Document - May 5, 2010
The Department of the Navy Chief Information Officer has updated the security control mapping document originally published in November 2009. DON CIO has collaborated with Assistant Secretary of Defense (Networks & Information Integration) (ASD (NII)) to further refine the mapping of the Department of Defense's current security controls to the new consolidated security controls in NIST SP 800-53, revision 3. In addition ...
DON CIO Memo 02-10 - February 6, 2009
The purpose of this memo is to update the Department of the Navy Information Assurance (IA) Platform Information Technology (PIT) policy. DON Platform IT is a concept for risk management and approval of DON IT systems that do not interconnect with Department of Defense networks and the Global Information Grid. The DON PIT policy stresses that IA requirements still apply to PIT systems and provides guidance to PIT policy ...
UNSECNAV Memo - February 19, 2010
This memo conveys the seriousness the Under Secretary of the Navy places on personal privacy and the safe management of Department of the Navy personally identifiable information (PII) and his intention to make eradicating further PII breaches a Departmental priority. This includes implementing a DON-wide plan to reduce the collection and use of Social Security numbers.
SECNAVINST 3501.1B - March 2, 2010
This instruction provides policy and delineates specific responsibilities for implementing critical infrastructure protection in the Department of the Navy.
DTG 201807Z JAN 10 - January 20, 2010
This Naval message declares that Strategic Missions Assurance Data Systems (SMADS) is the single authoritative source of Task Critical Assets (TCAs) for Department of the Navy reporting. It also lists the deadlines for entering TCAs into SMADS, which will better facilitate rapid and consistent DON-level reporting.
DON CIO Memo - January 22, 2010
The Department of the Navy Chief Information Officer has released a memorandum designating the DON Principal Deputy CIO as the DON Senior Information Assurance Officer (SIAO).
The DON SIAO responsibilities include facilitating alignment and consistent application of information management, information technology, and information assurance policies, processes, responsibilities, and procedures across the Department. ...
DTG 291445Z DEC 09 - December 30, 2009
This Naval message details the steps that must be taken by the Department of the Navy Deputy Chief Information Officers to ensure proper public key enablement of unclassified private web servers and applications. It also requires submission of a service-specific plan of actions and milestones by Jan. 31, 2010.
DTG 231919Z NOV 09 - November 30, 2009
This Naval message modifies the Dec. 31, 2009, compliance requirement established for purchase and installation of personal electronic device smart card readers as a result of shortages and unavailability of the required hardware at the manufacturer level.
DON CIO Guidance Document - November 18, 2009
Recently, the National Institute for Standards and Technology (NIST) published Special Publication (SP) 800-53, revision 3, Recommended Security Controls for Federal Information Systems and Organizations, which provides a consolidated catalog of security controls. The Department of the Navy will continue using the DoDI 8500.2 as the authoritative source for security controls until otherwise specified. However, ...
DTG 091603Z NOV 09 - November 12, 2009
This Naval message provides Department of the Navy participation requirements in the DoD Information Assurance and Certification and Accreditation Technical Advisory Group meetings.
DTG 051610Z NOV 09 - November 6, 2009
This Naval message provides requirements for individual systems to achieve and maintain 100 percent compliance with the required certification and accreditation, annual security review, annual testing of security controls, and annual evaluation of contingency plans.
The message also highlights continuous compliance with Federal Information Security Management Act (FISMA) metrics and non-compliance consequences. In ...
Federal CIO Council Guidance - September 23, 2009
The use of social media for federal services and interactions is growing tremendously, supported by initiatives from the administration, directives from government leaders, and demands from the public. This situation presents both opportunity and risk. Guidelines and recommendations for using social media technologies in a manner that minimizes the risk are analyzed and presented in this document.
This document is ...
DTG 022007Z SEP 09 - September 29, 2009
This Naval message announces publication of a new document intended to clarify the challenges and opportunities of the cyber domain. New technologies and global networks that serve as great enablers to global prosperity and security can also become great vulnerabilities. The Marine Corps must clarify its role in supporting DoD cyberspace efforts and determine its own optimum capabilities and capacities. This new ...
DoD Memo - July 27, 2010
This memo rescinds and replaces the Sept. 6, 2007, Department of Defense Information Technology Portfolio Repository (DITPR) and DoD SIPRNET IT Registry Guidance 2007-2008 memo. This memo directs that all IT and National Security Systems must be registered in DITPR.
ASD(NII) Directive-Type Memorandum 08-027 - September 4, 2009
This Assistant Secretary of Defense (Networks and Information Integration) Directive-Type Memorandum
establishes policy for managing the security of unclassified Department of Defense information on non-DoD information systems. A list of frequently asked questions provides information and direction for implementation in the Department of the Navy.
DoD Memo - July 27, 2009
This memo provides a systematic, repeatable process for ensuring timely reciprocity of Department of Defense information systems and will advance information sharing, and reduce rework and cycle time when establishing Combined/Joint ISs/Networks.
SECNAVINST 5239.3B - June 25, 2009
This instruction establishes information assurance (IA) policy for the Department of the Navy consistent with national and Department of Defense (DoD) policies. It also designates the DON Chief Information Officer as the DON official assigned responsibility and delegated authority in order to ensure Federal, DoD and DON IA requirements are carried out within the Department of the Navy.
DON CIO Memo - June 15, 2009
The purpose of this memo is to provide requirements for the Department of the Navy input to the FY 2009 Federal Information Security Management Act (FISMA) Report.
View enclosure 1: DoD FISMA Guidance FY 2008.
SECNAV M-5239.2 - June 8, 2009
This manual is intended to serve as a high-level policy for Information Assurance Workforce (IAWF) management and is effective immediately. It describes DON IAWF management plans and provides direction for implementation of DoD Directive 8570.1 and DoD 8570.01-M. It also establishes DON IAWF oversight and management reporting requirements, as well as IA awareness requirements for information system users.
DTG 181430Z MAY 09 - May 21, 2009
This Naval message implements the Department of Defense Privacy Impact Assessment (PIA) guidance of Feb. 12, 2009, for the Department of the Navy. The following is highlighted:
The guidance expands PIA coverage from just members of the public to include Federal personnel, Federal contractors, and Foreign Nationals employed at U.S. military facilities abroad.
PIAs are required for legacy systems and electronic ...
DON CIO Memo - May 26, 2009
This memo provides guidance for the interactions among the Service Certifying Authorities (CAs), Service Designated Accrediting Authorities (DAAs), and the DON Senior Information Assurance Officer (SIAO). These interactions are based on the business rules stated in the Dec. 18, 2008, memorandum, Senior Information Assurance Officer Alignment and Responsibilities for Information Assurance and Certification and Accredi
DON Guidance - October 19, 2011
The Department of the Navy relies on a network of physical and cyber infrastructure so critical that its degradation, exploitation or destruction could have a debilitating effect on the DON's ability to project, support and sustain its forces and operations worldwide.
This critical infrastructure includes DON and non-DON domestic and foreign infrastructures essential to planning, mobilizing, deploying, executing and ...
DON Guidance - October 19, 2011
The purpose of the Department of the Navy Computer Network Defense (CND) Roadmap is to communicate the DON strategy for sustaining and improving CND now and in the future as the DON transitions to the Naval Networking Environment (NNE). In this age of network-centric warfare, computer and network technologies are diffused into virtually all military systems, and interconnected military units operate cohesively. CND is ...
DTG 241757Z APR 09 - May 20, 2009
This Naval message is about the NIPRNet Hardening Initiative. The first increment of this initiative involves the registering, testing, and restricting access to and from the Internet of all public-facing File Transfer Protocol (FTP), web, e-mail and Domain Name System (DNS) servers. The first step in this first increment was successfully completed. The DON CIO congratulates all involved for a job well done. This message ...
SECNAVINST 5230.15 - April 17, 2009
SECNAVINST 5230.15 mandates that all COTS software in use across the Department of the Navy be vendor supported. DON organizations desiring to continue to use COTS software that is no longer supported must request and receive a waiver to this policy.
DON Charter - April 9, 2009
This charter establishes the DON Information Assurance Workforce Management Oversight and Compliance Council (IAWF MOCC). The IAWF MOCC will provide DON-wide oversight of, and ensure compliance with, the IAWF improvement program. The IAWF MOCC will oversee development of IAWF education, training and certification standards.
SECNAVINST 3052.2 - April 2, 2009
This instruction establishes policies and responsibilities for the administration of cyberspace within the Department of the Navy.
DoD Instruction 5400.16 - February 18, 2009
This instruction establishes policy and assigns responsibilities for completion and approval of privacy impact assessments to analyze and ensure personally identifiable information in electronic form is collected, stored, protected, used, shared and managed in a manner that protects privacy.
DTG 312021Z JAN 09 - February 2, 2009
This Naval message announces the availability of the Department of Navy Data At Rest Enterprise Solution for Non-NMCI assets and ends the moratorium on DAR software purchases. Implementation of this solution enables compliance with Department of Defense, Joint Task Force-Global Network Operations and DON policy mandates for encryption of sensitive information on mobile computing devices and portable storage media.
DTG 281919Z JAN 09 - February 2, 2009
This Naval message provides amplification guidance for the purchase and installation of Common Access Card readers on all Personal Electronic Devices including BlackBerrys. It also identifies the procurement options for the required hardware.
DTG 081605Z JAN 09 - January 9, 2009
This Naval message provides Department of the Navy Federal Information Security Management Act goals for FY 09. This includes requiring that individual systems achieve and maintain 100 percent compliance with the required certification and accreditation, annual security review, annual testing of security controls and annual evaluation of contingency plans.
DTG 181905Z DEC 08 - January 6, 2009
This Naval message emphasizes that personally identifiable information (PII) annual awareness training is foundational to the safeguarding of PII and key to understanding the Department's breach reporting responsibilities. It explains how DON leadership must continually reinforce PII awareness, through training, so that personnel properly safeguard privacy sensitive information in order to improve business processes.
DON CIO Memo - December 19, 2008
This memo aligns Senior Information Assurance Officer responsibilities for the Department of the Navy with requirements in the DoD Information Assurance Certification and Accreditation Process (DIACAP)
Instruction 8510.01.
DTG 031859Z DEC 08 - December 5, 2008
This Naval message details policy changes that have been made as a result of an impact assessment and data call conducted by the DON CIO to understand where software certificates are used in the Department's unclassified environments.
DTG 201839Z NOV 08 - November 21, 2008
This Naval message reinforces current Department of the Navy policy aimed at reducing the number and potential impact of lost, stolen or compromised personally identifiable information (PII) to Sailors, Marines, government personnel, dependents and DON contractors.
DON CIO Memo - October 23, 2008
The purpose of this memo is to provide initial guidance for all Navy and Marine Corps commands regarding the use of emerging web tools to facilitate collaboration and information sharing in the Department ofthe Navy. These tools, described in enclosure (I) include wikis, blogs, mash ups, web feeds (such as, Really Simple Syndication and Rich Site Summary (RSS) feeds), and forums, which are often referred to as components ...
DTG 032009Z OCT 08 - October 6, 2008
This Naval message provides updates to the DON policy for digital signature and encryption of email. It also provides updated budget guidance for procurement and use of Smart Card Reader technology to support digital signature and encryption of email from Personal Electronic Devices.
DTG 212100Z AUG 08 - September 10, 2008
This Naval message contains information and outlines actions for NMCI users to prepare for the rollout of GuardianEdge, which will be implemented on all NMCI NIPR computers and removable storage devices (thumb drives, data CD, etc.) used on NMCI.
DON Handbook - July 21, 2008
The Department of the Navy DoD Information Assurance Certification and Accreditation Process (DIACAP) Handbook details the baseline DON approach to the DIACAP and the procedures necessary to obtain an accreditation decision for DON information systems undergoing the C&A actions as required under Federal law, and DoD and DON regulations and directives. In addition to this handbook, service unique guidance will be ...
May 20, 2008
The Department of the Navy DITSCAP to DIACAP Transition Guide provides details that guide the implementation of the transition process and procedures established by the DON CIO. These details provide procedural, technical, administrative and supplemental guidance for all information systems, whether business or tactical, used in the automatic acquisition, storage, manipulation, management, movement, control, display, ...
DTG 231330Z MAY 08 - May 23, 2008
This Naval message announces the release of the Department of Defense Information Assurance Certification and Accreditation Process implementation documents to the Department of the Navy.
DON Strategy Document - April 10, 2008
A multidisciplinary team from across the Department of the Navy developed this document, which outlines our future vision for a robust and highly interconnected enterprise networking capability in the 2016 timeframe to fully support the needs of our warfighting and warfighting-support organizations and personnel. The vision and strategy outlined in this document shall be used as a guide for ensuring alignment of our ...
DTG 122213Z MAY 08 - May 13, 2008
This Naval message announces increased attention being focused across the Department of the Navy to minimize the use of PKI software certificates.
White House Memo - May 16, 2008
This memo adopts, defines and institutes "Controlled Unclassified Information" (CUI) as the single, categorical designation henceforth throughout the executive branch for all information within the scope of that definition.
DTG 311917Z MAR 08 - April 1, 2008
This Naval message provides the way ahead for the Department of the Navy transition to Defense Information Assurance Certification and Accreditation Process.
SECNAVINST 5239.19 - March 24, 2008
This instruction establishes Department of the Navy incident response policy to align and integrate DON computer incident response and reporting requirements with Department of Defense policy guidance.
DTG 142031Z MAR 08 - March 17, 2008
This Naval message reiterates policy, direction and guidance regarding Continuity of Operations (COOP) planning as it relates to information technology systems. Additionally, this message directs that COOP plans will address connectivity to data and services that reside on Department of the Navy networks and communications considerations; establish-IT related processes and procedures to identify IT damage and ...
DTG 291600Z FEB 08 - February 29, 2008
This Naval message provides Department of the Navy requirements for resolving deficiencies in contingency planning identified by a Department of Defense Inspector General audit and ensuring DON policy aligns with information assurance requirements.
DTG 291652Z FEB 08 - March 3, 2008
This Naval message announces the updated reporting process to be used when there is a known or suspected loss of Department of the Navy personally identifiable information. It includes new and existing requirements for incident reporting recently issued by the Office of Management and Budget and the Department of Defense.
Please note: Since the release of this message, the Defense Privacy Office (DPO) email address ...
DTG 241518Z JAN 08 - January 25, 2008
This Naval message provides guidance governing the implementation of wireless local area network (WLAN) solutions using the IEEE 802.11 body of standards, commonly referred to as WiFi. The primary focus of this effort is unclassified wireless networking solutions.
Joint DON CIO and CHINFO Memo - February 1, 2008
This policy provides Department of the Navy guidance for governing the registration, content, compliance, and investment of all unclassified DON web sites and their associated Uniform Resource Locators. The policy applies to all DON commands and activities with unclassified web sites (publicly accessible or access restricted) designed, developed, procured or managed by DON activities and/or hosted and managed by their ...
DTG 091256Z OCT 07 - December 17, 2007
This Naval message provides guidance regarding the move to choose an enterprise solution to encrypt sensitive Data at Rest (DAR) and states that commands should hold off on purchasing DAR products and services until an enterprise solution is identified.
ALNAV 070/07: R 042232Z OCT 07 - September 8, 2008
This ALNAV message stresses the seriousness of safeguarding personally identifiable information (PII) across the Department by establishing an annual PII awareness training requirement, as well as completing semi-annual command level PII compliance spot checks.
View PII Spot Check Form.
DON CIO Memo - January 17, 2008
This memo establishes the roles and responsibilities of the Department of the Navy Deputy Senior Information Assurance Officer for Computer Network Defense (DON Deputy SIAO for CND). The DON Chief Information Officer Information Assurance and Network Security Team Lead has been named the DON Deputy SIAO for CND and will report to the DON SIAO.
DTG 202041Z AUG 07 - December 17, 2007
This Naval message provides guidance for the use of personal electronic devices (PEDs). Commands are encouraged to immediately begin transition to PEDs that support digital signature and encryption. Effective March 31, 2008, use of PEDs that are not natively compliant or have not upgraded to meet the requirements will no longer be permitted.
DTG 232026Z JUL 07 - December 17, 2007
This Naval message defines personally identifiable information (PII) and emphasizes the importance of its proper handling following more than 100 incidents of PII loss during the past 18 months.
DoD Memo - December 18, 2007
This memo establishes additional DoD policy for the protection of sensitive unclassified information on mobile computing devices and removable storage media. It applies to all DoD Components and their supporting commercial contractors that process DoD information.
DoD Memo - December 18, 2007
This memo outlines Department of Defense policy on the encryption of Sensitive Unclassified Data at Rest on mobile computing devices and removable storage media.
DTG 171952Z APR 07 - December 18, 2007
This Naval message establishes interim policy for the handling of personally identifiable information when stored on government furnished laptop computers, other mobile computing devices and removable storage media (e.g., removable hard drives, thumb drives, blackberries, personal digital assistants, compact discs and DVDs).
DoD Memo - December 17, 2007
This memo authorizes the issuance of CACs to foreign national partners who have been properly vetted and who require access to a DoD facility or network logon access to meet a DoD mission. This would apply to DoD sponsored foreign national military, government, and contractor personnel.
DoD Memo - February 5, 2009
This Department of Defense policy memo requires the review of NIPRNET web sites to ensure proper configuration of mandatory/discretionary access controls on private web servers, web-based applications and web portals. It underscores the need for implementation of access controls for rules-based authorization decisions, in addition to use of Public Key Infrastructure for user authentication.
USD P&R Policy Memo - May 22, 2008
This memo establishes Department of Defense policy for the adoption and use of digital signature as a standard business practice for all Human Resources Management (HRM) and Compensation business processes that require a signature.
OMB Memo 06-16 - December 18, 2007
This memo provides a checklist from the National Institute of Standards and Technology for the protection of remote information. The intent of implementing the checklist is to compensate for the lack of physical security controls when information is removed from, or accessed from outside the agency location. This memo includes additional actions for departments and agencies to take to protect sensitive information.
OMB Memo 06-19 - December 18, 2007
This memo provides update guidance on the reporting of security incidents involving personally identifiable information. It also restates existing requirements and explains new requirements.
DON CIO Memo - April 14, 2008
This memo and enclosures prescribe the Department of Defense and Department of the Navy Privacy Impact Assessment guidance for IT systems that contain information in identifiable form.
DoD CIO Memo - May 22, 2008
This memo provides direction to incorporate standard digital signature profiles into all applications, systems or processes that use digital signatures. This implementation will lead industry toward interoperable digital signature implementations.
DoD Memo - December 18, 2007
This memo provides suggestions on technical means to protect unclassified sensitive information on portable computing devices used within DoD. The measures are in addition to the normal physical security required for such devices so that, if they fall into the wrong hands for any reason, access to the sensitive DoD information they contain will be more difficult.
DON Guidance - December 18, 2007
This guidance document provides a foundation for improving the Department of the Navy's information assurance (IA) posture and outlines courses of action to comply with the requirements of the Federal Information Security Management Act of 2006. The document supports and complements current SECNAV IA Policy (SECNAVINST 5239.3B), bolsters established policies and procedures to ensure FISMA compliance, improves the DON's ...
DoD Guide - December 18, 2007
This guide specifies technical details for implementing interagency PIV I and PIV II National Institute of Standards and Technology Special Publication 800-73v1 requirements in the DoD CAC environment. It documents how the DoD common access card and middleware are implemented with PIV.
FIPS 201-1 - December 18, 2007
This standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. The goal is to achieve appropriate security assurance for multiple applications by efficiently verifying the claimed identity of individuals seeking physical access to Federally controlled government facilities and electronic access to government information systems.
DoD 5220.22-M - December 18, 2007
This manual prescribes requirements, restrictions, and other safeguards that are necessary to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information.
SECNAVINST 5211.5E - October 30, 2008
SECNAVINST 5211.5E implements the Privacy Act of 1974 per the Department of Defense Privacy Program Directive and Regulation ensuring that all DON military members and civilian/contractor employees are made fully aware of their rights and responsibilities with regards to privacy. The program attempts to balance the government’s need to maintain information with the obligation to protect individuals against unwarranted ...
DON CIO Memo - December 18, 2007
This memo forwards memorandum from the Department of Defense Biometrics Executive Agent that mandates all new acquisitions or upgrades of electronic biometric collection systems used by DoD components conform with the DoD electronic biometric transmission specifications.
SECNAV M-5239.1 - August 5, 2008
This manual implements the policy set forth in SECNAVINST 5239.3B: Department of the Navy Information Assurance Policy and is issued under the authority of SECNAVINST 5430.7N: Assignment of
Responsibilities and Authorities in the Office of the Secretary of the Navy. It is intended to serve as a high-level introduction to information assurance and IA principles. It discusses common IA controls and associated requirements ...
DoD Memo - December 18, 2007
Organizations outside the Federal Government often approach Department of Defense personnel to obtain updated contact information for their publications, which are then made available to the public. The information sought usually includes names, job titles, organizations, phone numbers and room numbers. The DoD director of Administration and Management issued a policy memo Nov. 9, 2001, that provided greater protection ...
DON Guidance - December 18, 2007
This summary provides the Department of the Navy format for system assessors to use when conducting a Privacy Impact Assessment.
DTG 061525Z OCT 04 - December 18, 2007
This Naval message provides amplifying public key infrastructure implementation guidance.
HSPD-12 - December 18, 2007
This Homeland Security Presidential Directive establishes a government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees). This standard will result in enhanced security, increased Government efficiency, reduced identity fraud, and protection of personal privacy.
DTG 161957Z OCT 02 - December 18, 2007
This Naval message identifies the requirements for remote access to DON Enterprise email from Non-DoD computers. Remote access is typically implemented using Outlook Web Access via the Internet.
DON Guidance - October 25, 2011
The Department of Navy Chief Information Officer has developed information technology capital planning and portfolio management processes to assist DON organizations with their responsibilities and initiatives related to selecting, managing and evaluating IT investments to ensure they are compliant with the Government Performance and Results Act and the Clinger-Cohen Act. The Guide for Developing and Using IT Performance ...
Department of Defense Charter - December 18, 2007
By direction of Congress, the Secretary of Defense chartered a Smart Card Senior Coordinating Group to develop and implement department-wide interoperability standards for use of smart card technology and a plan to exploit smart card technology as a means for enhancing readiness and improving business processes.
December 3, 2012
The Department of the Navy Chief Information Officer Privacy Office reports that 80 percent of all "high-risk" personally identifiable information (PII) breaches involve the Social Security Number (SSN). Recent DON and Department of Defense policy guidance outlines steps that reduce or eliminate the collection, use, display and maintenance of the SSN in DON business practices. As a result, commands are now authorized to ...
November 19, 2012
The upcoming Thanksgiving holiday marks the beginning of the annual holiday shopping season. Every year, more people turn to the Internet as a way to find bargains and conveniently fulfill their shopping list. Before you start your holiday shopping, remember to make sure security measures are in place and you understand the consequences of your actions and behaviors to safely enjoy the benefits of the Internet.
September 12, 2012
October 2012 marks the ninth annual National Cybersecurity Awareness Month (NCSAM). This year's theme, "Our Shared Responsibility," aims to amplify the importance for all Internet users to do their part in making the Internet safer.
December 31, 2007
The Information Assurance Scholarship Program (IASP), authorized by Chapter 112 Title 10 United States Code, is designed to increase the number of qualified personnel entering the information assurance (IA) and information technology fields within the Department. It also serves as a mechanism to strengthen the IA infrastructure through grants, while assisting the Department in addressing emerging IA/IT issues, and as a ...
August 24, 2012
Scholarships are being offered for Department of the Navy civilian and military personnel through the Department of Defense Information Assurance Scholarship Program to meet the increasing demand for cyber/information technology professionals with a cybersecurity/information assurance (CS/IA) focus. These scholarships for master's and doctorate level work cover the cost of tuition, fees, and books. They can be used for ...
March 5, 2009
The following is a list of CHIPS Magazine articles about personally identifiable information (PII) breaches based on factual reports sent to the DON CIO Privacy Office. Incidents such as these will be reported in each subsequent issue of CHIPS Magazine.
May 30, 2012
The Department of Defense Chief Information Officer has announced a decision to cease the issuance of software Public Key Infrastructure (PKI) certificates to its "Five Eyes" (FVEY) partner nations (Australia, New Zealand, Canada and the United Kingdom). A memo released on May 8, 2012, states that starting May 31, 2012, the FVEY partner nations that interact with the DoD on the Nonsecure Internet Protocol Router Network ...
May 11, 2012
The Navy Marine Corps Intranet (NMCI) continues to improve its security profile by increasing the use of smartcard credentials for network authentication. The network has established interoperability with Personal Identity Verification (PIV) smartcards issued by non-Department of Defense agencies and departments. ...
by Gretchen Kwashnik - January 12, 2012
The federal government's "cloud first" policy, as part of the Federal Chief Information Officer's "25 Point Implementation Plan to Reform Federal Information Technology Management," requires federal agencies to consider cloud computing before making new IT investments and to move at least three applications to the cloud by May 2012.
by Steve Muck - January 12, 2012
The following is a recently reported personally identifiable information (PII) data breach involving the posting of a large number of documents containing PII on an activity's shared drive. Incidents such as this will be reported in CHIPS magazine to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy ...
by Jessica Pelenberg - November 21, 2011
As the quest for cost saving efficiencies rages on, three government officials spoke about the challenges their organizations are facing and their plans to tackle them at the Fifth Annual C5ISR Government and Industry Partnership Conference held Nov. 16, in Charleston, S.C.
by Jennifer M. Ellett - October 26, 2011
Certification and accreditation (C&A) transformation is an initiative to align processes, terminology and frameworks for assessing information security risk across all federal agencies, including the defense and intelligence communities. This effort will provide efficiencies, standardization and support to reciprocity.
by Steve Muck & Steve Daughety - October 26, 2011
The following is a recently reported personally identifiable information (PII) data breach involving a Department of the Navy support contractor who improperly handled PII. Incidents such as this will be reported in CHIPS magazine to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the DON Chief Information Officer Privacy Office.
by Mike Hernon - October 26, 2011
The Department of the Navy anticipates that personnel will begin teleworking in significant numbers when a new telework policy is released shortly. As a result, there will be explosive growth in the number of users who need to connect to the Navy Marine Corps Intranet and other government networks from remote locations, primarily from a home office, but also from other locations via cellular or Wi-Fi networks.
October 13, 2011
The Department of the Navy Chief Information Officer reiterated standing policy on what is considered acceptable use of DON IT resources for official and authorized unofficial purposes with the release of the Oct. 3 message, "Acceptable Use Policy for DON IT Resources."
by Floyd Groce and Karen M. Davis - July 24, 2011
As all personnel within the Department of Defense and across the federal government are well aware, this is an era of increased budget scrutiny. However, with this scrutiny comes a new opportunity to assess and advance how DoD operates and to improve efficiency across a wide variety of business units and operations. As a significant budget item, the massive information technology infrastructure is no exception and offers ...
by Terry Halvorsen - July 24, 2011
The Department of the Navy must change the way it manages its business information technology (IT) systems. It is the reality of these fiscally constrained times; and frankly, it is the right thing to do as good stewards of taxpayer money.
by DON CIO Privacy Team - July 14, 2011
The purpose of this tip is to reinforce existing DON policy regarding digitally signing and encrypting emails that contain personally identifiable information (PII).
July 7, 2011
The Department of the Navy Chief Information Officer released guidance directing the Department's migration to the use of a stronger cryptographic hash algorithm in data security authentication procedures such as CAC logon and digital signatures.
by Mary Purdy - May 17, 2011
On a daily basis, Chris Kelsall, director of the Department of the Navy Chief Information Officer Cyber/IT workforce management team, collaborates with federal and Department of Defense organizations to develop policies and initiatives to ensure the DON Cyber/IT workforce is supported and provided resources to enhance professional development. However, when the situation requires strategic review to effect change, the ...
by Terry Halvorsen - May 4, 2011
Why is the Department of the Navy aggressively pursuing information technology efficiencies? There are a number of contributing factors that led to the recent focus on efficiencies, but the primary catalyst is the realization by Department of Defense and DON leadership that from a fiscal perspective we cannot continue to do business the same old way, or it will adversely affect our ability to direct necessary resources ...
May 3, 2011
The process for requesting waivers for systems that have not been properly Public Key Enabled (PKE) has been updated. System owners requesting a PKE waiver must now also assert the system's overall compliance with the DON Enterprise Architecture.
March 21, 2011
Three information technology leaders from the Department of the Navy were among this year's Federal 100 Award winners. Federal Computer Week magazine presents the award to 100 professionals from government, industry and academia who have played pivotal roles in affecting how the Federal Government acquires, develops and manages IT.
by DON CIO Privacy Team - February 26, 2009
Privacy Tips are meant to increase awareness about privacy issues that impact the Department of the Navy by highlighting a specific topic. Feedback or suggestions for future topics are welcomed.
by Steve Muck - January 21, 2011
Human error is the cause of 80 percent of the DON's PII breaches. Not knowing or not following guidance, or just being careless can result in the unintended disclosure of privacy sensitive information and potentially adversely affect many personnel.
December 8, 2010
President Obama has proclaimed December 2010 "Critical Infrastructure Protection Month." The proclamation demonstrates the President's commitment to what CIP professionals do each day to help keep the country safe.
October 29, 2010
The Department of Defense Deputy Chief Information Officer recently published a memo for Department-wide distribution on DoD acceptance and use of qualified Personal Identity Verification-Interoperable (PIV-I) credentials for access to DoD logical and physical resources.
August 30, 2010
The Department of the Navy Chief Information Officer has signed out SECNAVINST 5239.21: "Department of the Navy Electronic Signature Policy," making electronic signatures the preferred means of conducting business transactions within the Department.
July 15, 2010
The Department of the Navy Chief Information Officer has published the DON Cyber/IT Workforce Strategic Plan FY 2010-2013. This plan establishes the DON's priorities for ensuring workforce excellence. It identifies the goals and objectives that will allow the DON to recruit, manage, develop, sustain and retain a talented workforce.
July 8, 2010
To ensure continuous oversight and sustainment of the Information Assurance Workforce Improvement Program, the Department of the Navy signed out a new instruction that further defines cybersecurity and information assurance workforce management and assigns compliance responsibilities.
by Mike Hernon, Tony Soules and Bob Turner - May 17, 2010
Not a week goes by without an inquiry to the Department of the Navy Chief Information Officer or the Navy or Marine Corps Designated Approving Authority (DAA) regarding the desire to bring a commercial wireless device, usually a BlackBerry, into restricted areas where classified information is discussed, stored or otherwise processed.
by James Mauck - May 17, 2010
The Secretary of Defense has embraced public key cryptography as a critical component of defense-in-depth and contributor to the overall Department of Defense information assurance (IA) strategy for protecting its information and networks. DoD Instruction 8520.2, "Public Key Infrastructure (PKI) and Public Key Enabling (PKE)" establishes the requirements for PK-enabling all email, private web servers and networks.
by Christopher Perry - May 14, 2010
Achieving and maintaining information dominance will require continuous and timely advances in both technology and operational processes. Cloud computing is one such rapidly emerging area of technology and operations that the Department of the Navy is already planning for and beginning to pilot. To achieve information dominance, it is vital that all new technologies and processes, such as cloud computing, be thoroughly ...
May 5, 2010
The Department of the Navy Chief Information Officer has updated the security control mapping document originally published in November 2009.
May 5, 2010
As a result of lessons learned during the first year of its execution, the Department of the Navy Platform Information Technology (PIT) policy has been updated to include several key provisions.
by Steve Muck - February 22, 2010
The following is a recently reported compromise of personally identifiable information (PII) involving the disposal of copiers containing personal information stored on their hard drives. Incidents such as this will be reported to increase PII awareness. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.
by Mike Hernon - February 25, 2010
For years now, Navy Marine Corps Intranet (NMCI) users have jealously eyed the laptop-wielding, Wi-Fi-connected masses in coffee shops, hotels and airports as they turned idle time into productive time. Barred from full network access, NMCI users on the go had to settle for cellular phones, air cards and Outlook Web Access to provide mobile support. While these capabilities provide some fairly productive mobility tools, ...
by Sonya Smith - February 23, 2010
The December 2008 report written by the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency, "Securing Cyberspace for the 44th Presidency," began with one central finding: "The United States must treat cybersecurity as one of the most important security challenges it faces."
by DON CIO Privacy Team - February 23, 2010
The Department of the Navy, Department of Defense and Office of Management and Budget (OMB) have mandated the protection of data at rest (DAR) on all unclassified network seats/devices. NMCI is implementing a solution using GuardianEdge Encryption Anywhere and Removable Storage software to meet these requirements. All data in computer storage as well as data written to a removable storage device will be encrypted. This ...
February 17, 2010
Ten information technology leaders from the Department of the Navy were among this year's Federal 100 Award winners. Federal Computer Week magazine presents the award to 100 professionals from government, industry and academia for their efforts in effecting change, progress and efficiency in determining how the Federal Government acquires, develops and manages IT.
by DON CIO Privacy Team - January 4, 2010
ALNAV 070/07 Department of the Navy Personally Identifiable Information (PII) Training Policy states that, "Commanders/Commanding Officers/Officers in Charge will ensure that supervisors conduct a spot check of their assigned area of responsibility, focusing on those areas that deal with PII on a regular basis (e.g., human resources, personnel support, medical, etc.)." The ALNAV also states that the compliance spot check ...
December 22, 2009
The Department of the Navy Chief Information Officer team is mourning the loss of their esteemed colleague Dr. Richard W. Etter, who served more than 34 years in the Department of the Navy, most recently as the DON CIO Director of Cybersecurity and Critical Infrastructure and the DON Deputy Senior Information Assurance Officer for Computer Network Defense. Dr. Etter died of a heart attack Monday, Dec. 21, 2009, while at ...
by Steve Muck - November 6, 2009
The following is a recently reported compromise of personally identifiable information (PII) involving the theft of storage media containing personal information. Names have been changed or removed, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.
November 18, 2009
The Department of the Navy Chief Information Officer has developed a security control mapping document to support the transition to common security controls among the DON, the Department of Defense, the Intelligence Community (IC) and the rest of the Federal Government.
by Christy Crimmins - November 9, 2009
The use of social media has become a popular topic within the Department of the Navy, Defense Department and across the federal government. As agencies begin to venture into this media, whether it is creating an agency Facebook page or updating constituents via Twitter, precautions must be taken and risks should be assessed. While these tools open up many avenues for broader communication and collaboration, they also ...
by Mike Hernon and Bob Turner - November 6, 2009
Delivering a robust enterprise mobility capability to the Department of the Navy workforce requires leveraging various wireless tools at our disposal. One such tool, Short Message Service (SMS), or text messaging, is often overlooked but can provide significant benefits when used appropriately.
by DON CIO Privacy Team - November 2, 2009
A successful command privacy program must include an aggressive records review and disposal component. While hard copy files cannot be ignored, the volume of electronic data files is a much larger issue and must be aggressively addressed by local commands/units.
by DON CIO Privacy Team - October 2, 2009
Two recent personally identifiable information (PII) breach incidents involving the turn in of reproductive office equipment highlight the fact that many people do not know that copiers and printers present information security challenges.
by Tom Kidd - August 19, 2009
Whether wireless voice, video or data, the number of wireless applications are increasing. Wireless capabilities can be as simple as a wireless doorbell system or as complex as a naval unmanned aerial system providing real-time intelligence to forward-deployed Marines and Sailors. While the use of wireless systems is certainly advantageous for mobile requirements, wired systems retain a number of inherent benefits for ...
August 7, 2009
The Department of Defense has recently published the DoD Information Systems Certification and Accreditation (C&A) Reciprocity Memo signed by the DoD Principal Accrediting Authorities - senior officials who represent the interests of the Global Information Grid Mission Areas for C&A.
June 26, 2009
SECNAVINST 5239.3B: "DON Information Assurance Policy" was recently signed establishing IA policy for the Department of the Navy consistent with national and Department of Defense policies. With its 56 references, it provides IA policy for the Department over a broad spectrum, and assigns responsibilities in the DON for developing, implementing, managing and evaluating DON IA programs, policies, procedures and cont
June 19, 2009
Dr. Richard W. Etter, deputy senior information assurance officer, discusses how the Computer Network Defense (CND) Roadmap highlights the direction the Department of the Navy is heading in terms of future CND capabilities in this recent Washington Technology eSeminar. He also discusses the Department's goal to be more advanced, persistent and sophisticated with the CND t
by DON CIO Privacy Team - May 26, 2009
Why should you protect your personal information? To an identity thief, it can provide instant access to your financial accounts, your credit record and your other personal assets. If you think that no one would be interested in your personal information, think again.
May 26, 2009
The Department of the Navy Chief Information Officer recently signed the DON Information Assurance and Certification and Accreditation Concept of Operations (CONOPS).
May 8, 2009
The Department of the Navy Senior Information Assurance Officer (DON SIAO) recently signed the "Department of the Navy Computer Network Defense (CND) Roadmap."
by DON CIO Privacy Team - April 30, 2009
As cell phones and personal digital assistants (PDAs) become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.
by Steve Muck - April 20, 2009
The following is a recently reported compromise of personally identifiable information (PII) involving the transmission of an un-encrypted e-mail which contained National Security Personnel System (NSPS) performance ratings of employees within a Navy region. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.
by DON CIO Privacy Team - April 6, 2009
This Privacy Tip provides a list of things you should know about the Interal Revenue Service (IRS) and identity theft.
by DON CIO Privacy Team - March 3, 2009
If the Department of the Navy eliminated the use of Social Security numbers (SSN) from email, forms, documents and electronic information technology systems, 80 percent of the personally identifiable information (PII) breaches reported in 2008 would never have occurred. The March Privacy Tip of the Month explores the relationship between SSNs and identity theft. It also provides approaches to reducing the display, ...
by Steve Muck - February 20, 2009
The following is a reported loss or breach of personally identifiable information (PII) involving a Department of the Navy information system with lessons learned from the event. Names have been changed or removed, but details are factual and based on reports sent to the DON Privacy Office.
February 2, 2009
The Department of the Navy enterprise solution for protection of sensitive Data at Rest (DAR) on non-NMCI assets is now available. Implementation of this solution enables compliance with DoD and DON requirements associated with protection of personally identifiable information (PII) and other types of sensitive DAR on mobile computing devices and portable storage media.
by DON CIO Privacy Team - January 26, 2009
During the past year, the Department of the Navy has experienced problems relating to turning in excess information technology and office equipment that contain personally identifiable information (PII).
January 16, 2009
The Department of the Navy released its Federal Information Security Management Act (FISMA) Goals for FY09 in Naval message DTG 081605Z JAN 09. This Naval message provides requirements for individual systems to achieve and maintain 100 percent compliance with the required certification and accreditation, annual security review, annual testing of security controls, and annual evaluation of contingency plans.
December 19, 2008
In light of the increased reliability on information systems and an increased visibility of cyber security and number of attacks on systems, the criticality of consistent and thoughtful risk management has been recognized by senior leaders throughout the government.
January 8, 2009
During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. The December 2008 Privacy Tip focused on how thieves steal identities, what they do with the personal information they obtain, and general information about identity theft. This Privacy Tip is reproduced from Department of Justice guidance found on its
November 13, 2008
During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. This Privacy Tip focuses on how thieves steal identities and what they do with that personal information, as well as general information about identity theft.
October 30, 2008
As outlined in a recently published memo, the Department of the Navy endorses the secure use of Web 2.0 tools to enhance collaboration, streamline processes and foster productivity.
by Yuh-Ling Su - October 29, 2008
Process and Security Improvements Under DIACAP
On November 28, 2007, the most significant change in security policy in 10 years occurred when the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) replaced the DoD Information Technology Security Certification and Accreditation Process (DITSCAP).
The Department of the Navy commenced full transition to DIACAP on March ...
September 9, 2008
The U.S. General Services Administration awarded Blanket Purchase Agreements (BPAs) to assist Federal agencies in protecting the confidentiality of personal credit and payment information, as well as providing a fast and effective solution for Federal agencies needing commercial-off-the-shelf credit monitoring services, according to its web site.
September 4, 2008
Recent personally identifiable information (PII) breach reports highlight the need to conduct searches of shared drives throughout the Department to protect employees’ personal information and reduce the risk of identity theft. PII is found most often in documents related to awards, medals, legal issues, medical records and financial data.
by Steve Muck - August 6, 2008
The following is a synopsis of a recently reported loss or breach of personally identifiable information (PII) that highlights common mishandling mistakes made by individuals within the Department of the Navy.
Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.
September 3, 2008
Peer-to-Peer (P2P) networks, which link computers directly, allowing users to swap digital movies, music and files with other users without centralized security controls or oversight.
July 28, 2008
The recently released Department of the Navy Cyber Crime Handbook provides an overview of the definitions, criminal techniques, electronic laws, incident reporting and responses regarding cyber threats to DON personnel and the Department's global network infrastructure.
July 21, 2008
The DON DoD Information Assurance Certification and Accreditation Process (DIACAP) Handbook provides a comprehensive guide for executing certification and accreditation (C&A) processes within the Department of the Navy.
July 11, 2008
An enterprise solution to encrypt DON data-at-rest (DAR) for non-Navy Marine Corps Intranet (NMCI) networks is anticipated to be available this fall from the Department of Defense Enterprise Software Initiative/SmartBUY Enterprise Software Agreements.
July 11, 2008
Phishing is a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization. Examples of such practices include manipulated emails that appear to be from the Department of the Navy, Navy Federal Credit Union, Navy Knowledge Online or other recognizable contacts.
June 13, 2008
Whether due to carelessness or theft, the loss of laptops and other portable electronic devices (especially thumb drives), continues to be one the top contributors to the loss of personally identifiable information (PII).
June 9, 2008
The International Association of Privacy Professionals' (IAPP) mission is to define, promote and improve the privacy profession globally and is the world's largest association of privacy professionals representing more than 5,000 members from business, government and academia across 32 countries. It is the first organization to establish educational and testing credentials for information privacy, i.e., the Certified ...
by Steve Muck - May 14, 2008
The following synopsis of a recently reported loss or breach of personally identifiable information (PII) highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy office.
May 13, 2008
From FBI.gov
The scenario: You are at the airport waiting for your flight. With time to kill, you are thinking of connecting your laptop to the airport’s Wi-Fi to check your office e-mail, do some personal banking or shop for a gift for your spouse.
However, chances are there is a hacker sitting nearby with a laptop attempting to “eavesdrop” on your computer to obtain personal data that will provide access to ...
April 1, 2008
An instruction that establishes the Department of the Navy’s Computer Network incident response and reporting policy was recently signed out by the DON Chief Information Officer.
by Steve Muck - February 11, 2008
The following is a synopsis of a recently reported loss or breach of personally identifiable information (PII) that highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.
April 25, 2008
Section 208 of the E-Government Act of 2002 establishes government-wide requirements for conducting, reviewing and publishing Privacy Impact Assessments (PIA). The PIA directs agencies to conduct reviews of how privacy issues are considered when creating or purchasing new information technology (IT) systems or when initiating new electronic collections of information in identifiable form. A PIA addresses privacy factor
by DON CIO Privacy Team - December 11, 2008
The following is a list of topics with questions that are frequently asked of the Department of the Navy Chief Information Officer Privacy Team. Responses have been provided and, in many cases, there are added references to the guidance that is cited. Please provide the Privacy Team additional questions so they may be added to the list.
by DON CIO Privacy Team - September 25, 2012
Even though you should assume that all information you share on Facebook could be made public, there are precautions you can take to share your information only with those you chose. This presentation provides step-by-step instructions to help Facebook users create a balance between safeguarding their privacy and enjoying the benefits of social networking online.
September 13, 2012
This toolkit assists individuals in developing, tracking, and managing their careers and facilitates competency management for the information management/information technology and knowledge management (KM) professional at the organizational level.
August 8, 2012
The Department of the Navy Chief Information Officer has created press-quality posters to help communicate the importance of protecting and properly handling personally identifiable information (PII).
by DON CIO Privacy Team - April 9, 2009
The following privacy presentations are provided for reference and use in developing future presentations and briefings.
January 22, 2009
The table below provides FY2013 Unique Investment Identifiers (UIIs), formerly Unique Project Identifiers (UPIs), for Department of the Navy information technology systems. The UII is required when completing a Privacy Impact Assessment (PIA).
September 8, 2008
This checklist is an internal Department of the Navy document to be used by command leadership to assess the level of compliance in the handling of personally identifiable information as delineated by law and/or specific DoD/DON policy guidance. As commands adapt this checklist for their own use, their checklists will be posted here as a resource for others.
by DON CIO Privacy Team - February 25, 2009
The following resources are provided to support the Department of the Navy's annual privacy training and semi-annual compliance spot-check requirements. Note: The GENADMIN (DTG 181905Z DEC 08) training requirement supercedes the ALNAV 070/07 training requirement. The compliance spot check requirements of the ALNAV remain in effect.
by DON CIO Privacy Team - August 3, 2010
The following guidelines are provided for the proper destruction of Department of the Navy hard drives.
by DON CIO Privacy Team - May 4, 2009
Welcome to the Department of the Navy Chief Information Officer Privacy Team recommended reading list. This list will be periodically updated.
by DON CIO Privacy Team - June 16, 2009
The identity theft brief attached below was presented at the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PII presentations.
by DON CIO Privacy Team - April 22, 2009
The personally identifiable information (PII) brief attached below was presented at the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PII presentations.
by DON CIO Privacy Team - April 22, 2009
The Privacy Impact Assessment (PIA) brief attached below was presented during the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PIA presentations.
by DON CIO Privacy Team - May 22, 2009
The following provides the proper routing for Navy and Marine Corps Privacy Impact Assessments (PIAs). The last two signature blocks on the DoD PIA Template (DD FORM 2930 NOV 2008) are reserved for (1) the DON Privacy Act Program Manager (DNS-36) or USMC Privacy Act/FOIA Officer and (2) the DON CIO.
January 30, 2009
An Office of Management and Budget (OMB) Information Collection Number is required when collecting information from 10 or more members of the public in a 12-month period and is used in completing the Privacy Impact Assessment (PIA) Template.
by DON CIO Privacy Team - January 30, 2009
The following resources are provided to assist with the privacy impact assessment submission process.
February 18, 2009
This document attempts to address the common issues encountered as a privacy impact assessment moves its way through the review and approval process. Consider this a "living" document and help us improve its content and usefullness.
February 18, 2009
This document provides examples of possible responses to the privacy impact assessment (PIA) template questions that deal with the risks associated with the electronic collection of personally identifiable information and the ways to mitigate those risks.
February 6, 2009
The Platform Information Technology (PIT) Determination Checklist is provided to assist acquisition program managers in assessing the characteristics of a proposed IT system or component to determine if it is a Platform IT candidate and, therefore, subject to information assurance implementation.
Note: Two versions of the PIT checklist are posted below. The "pdf" version is for manual submission; the "doc" version ...
January 21, 2009
The DON Privacy Quiz highlights basic personally identifiable information (PII) knowledge and policy information that all DON personnel should be familiar. It is recommended that command/unit privacy officials use this quiz (attached below) as a training aid that can be specifically tailored to local use. Please provide feedback on how to make this a better tool by submitting your comments to the DON CIO Privacy Team via ...
January 16, 2009
The following breach-related resources are provided to aid in reporting the loss or suspected loss of personally identifiable information (PII).
January 16, 2009
The attached brief provides background information, the resultant responses and best practices developed by the Bureau of Naval Personnel related to the sensitivity to the loss of personally identifiable information of DON personnel. Also attached is a transcript from the presentation.
December 17, 2008
In addition to the privacy resources and information available on the DON CIO website, the following list of websites provide further information on privacy and identity theft prevention.
November 21, 2008
The new Department of Defense Privacy Impact Assessment Template has been published and is available for use by Army, Navy, Air Force, DISA, OSD/JS, DLA, TMA and DFAS. The link provides access to the Word and fillable PDF versions of DD FORM 2930 on the DoD forms web site.
August 5, 2008
These two forms are available for use in accordance with DTG 291652Z FEB 08: Loss of Personally Identifiable Information Reporting Process.
OPNAV 5211/13:DON Loss or Compromise of Personally Identifiable Information (PII) Breach Reporting Form is used for initial and supplemental breach reporting. <
August 5, 2008
Commands reporting a loss or suspected loss of personally identifiable information (PII) will be contacted by the Department of the Navy Chief Information Officer Privacy Team to determine if individual notifications are required. The decision to notify will be based on the nature of the PII compromised and the resultant level of risk of identity theft. If the command is faced with notifications and cannot locate the ...
July 22, 2008
The DON Table of Potential Consequences and Penalties for the Mishandling/Improper Safeguarding of PII was developed with legal assistance from the Department of the Navy’s Office of Civilian Human Resources and its Workforce Relations and Compensation Division, the Office of the Judge Advocate General, and the Office of the DON CIO.
July 23, 2012
The Department of the Navy Cyber Crime Handbook contains an overview of the definitions, criminal techniques, electronic laws, incident reporting and responses regarding the cyber threats to Department personnel and the global infrastructure we rely on.
April 2, 2008
The information assurance workforce is key to assuring the Department of the Navy has adequate security measures to protect and defend its information and information systems. With the increasing threat evidenced by the hundreds of daily attempts to breach the Department’s computer networks, equipping an IA workforce that is educated and trained to meet these challenges is an imperative. Throughout government, efforts ...
April 22, 2008
Today the Department of the Navy's (DON) Information Assurance (IA) and Computer Network Defense (CND) workforce professionals are preparing to take commercial certification tests — changing what used to be a voluntary event into a routine, but mandatory, part of IA/CND training.
Compliance with the Federal Information Security Management Act (FISMA) prompted the Department of Defense (DoD) to dramatically change IA ...