Platform IT Policy Updated
Published, May 5, 2010
As a result of lessons learned during the first year of its execution, the Department of the Navy Platform Information Technology (PIT) policy has been updated to include several key provisions.
The policy: "Information Assurance Policy Update for Platform Information Technology," which was originally released in January 2009, includes the following updates:
- The PIT risk acceptance term has been changed from a term related to certification and
accreditation to PIT Risk Approval (PRA);
- The requirement that all internal and external interconnections must be documented and
validated prior to operations/deployment;
- The addition of requirements for periodic reviews of PRAs; and
- The process for granting interim PRAs.
The enclosures to the policy remain unchanged from the original release.
PIT is a special purpose system, essential in real-time to a platform's mission performance with no direct interconnection to the Global Information Grid. Therefore, PIT systems are not required to go through the full-scale DoD certification and accreditation process, per DoD Directive 8500.1. The DON PIT policy provides processes for ensuring PIT systems include appropriate information assurance (IA) capabilities
embedded in the system. It also ensures that the IA objectives are documented and validated.
All legacy and deployed PIT information systems must be designated by the recognized Designated Accrediting Authorities by Jan. 30, 2011. This compliance date established in the original PIT policy for PIT designations remains unchanged. DON CIO expects that all legacy and deployed system owners will work quickly and diligently to establish recognized PIT designations as soon as possible, rather than wait until the January 2011 deadline.