[ Pobierz całość w formacie PDF ]

defined in Reference (q). In many respects, knowledge repositories serve as the cybersecurity
and cyberspace defense community  memory and they enable policy or process interoperability
and should be used to share information and answer questions.
5. CYBERSPACE DEFENSE. Cyberspace defense uses architectures, cybersecurity,
intelligence, counterintelligence (CI), other security programs, LE, and other military capabilities
to harden the DoD Information Enterprise to be more resistant to penetration and disruption; to
strengthen the U.S. ability to respond to unauthorized activity and defend DoD information and
networks against sophisticated and agile cyber threats; and to recover quickly from cyber
incidents.
a. Defense of DoD IT. Defense of DoD IT and information networks is under the direction
of the Commander, USSTRATCOM, in accordance with Reference (cd) and is conducted as
described in Commander, USSTRATCOM, orders or other directives such as alerts and
bulletins, Reference (bl), and DoD Manual O-8530.01 (Reference (cq)). Cyberspace defense is
integrated with other elements of network operations as described in DoDI 8410.02 (Reference
(cr)).
33 ENCLOSURE 3
DoDI 8500.01, March 14, 2014
b. Continuous Monitoring Capability. DoD will establish and maintain a continuous
monitoring capability that provides cohesive collection, transmission, storage, aggregation, and
presentation of data that conveys current operational status to affected DoD stakeholders. DoD
Components will achieve cohesion through the use of a common continuous monitoring
framework, lexicon, and workflow as specified in NIST SP 800-137 (Reference (cs)).
c. Penetration and Exploitation Testing. Evaluation of cybersecurity during an acquisition
T&E event must include independent threat representative penetration and exploitation testing
and evaluation of the complete system cyberspace defenses including the controls and protection
provided by computer network defense service providers. Penetration and exploitation testing
must be planned and resourced as part of the DT&E and OT&E via the appropriate program test
documentation.
d. Cyber Defense Personnel. Cyber defense personnel operating on or in DoD IS will be
identified using identity authentication methods in DoDI 8520.03 (Reference (ct)).
e. LE and CI (LE/CI)
(1) The DoD Cyber Crime Center, as described in DoDD 5505.13 (Reference (cu)),
provides digital and multimedia forensics and specialized cyber investigative training and
services. In this role it coordinates and facilitates relationships across LE, intelligence, and
homeland security communities.
(2) DoD component LE/CI agencies deploy capabilities on DoD networks with the intent
to identify and investigate the human element posing a threat to DoD IT and DoD information.
Cybersecurity will be used in support of countering espionage, international terrorism, and the CI
insider threat in accordance with DoDI 5240.26 (Reference (cv)).
(3) DoD network administrators will accommodate all applicable legitimate and lawful
deployment of LE/CI tools and solutions. DoD LE/CI organizations in turn will make all
reasonable attempts to coordinate the implementation of LE/CI solutions with their respective
AO in a manner consistent with service-level change control processes in order to avoid any
disruption to mission critical operational tempo.
f. Insider Threat. Insider threats must be addressed in accordance with policy and
procedures published by the USD(P).
6. PERFORMANCE
a. Organizations will implement processes and procedures to accommodate three conditions
necessary to realize effective cybersecurity that is consistently implemented across DoD:
(1) Organization Direction. This includes organizational mechanisms for establishing
and communicating priorities and objectives, principles, policies, standards, and performance
34 ENCLOSURE 3
DoDI 8500.01, March 14, 2014
measures.
(2) A Culture of Accountability. This includes aligning internal processes, maintaining
accountability, and informing, making, and following through on decisions with implications for
cyberspace protection and defense.
(3) Insight and Oversight. This includes measuring, reviewing, verifying, monitoring,
facilitating, and remediating to ensure coordinated and consistent cybersecurity implementation
and reporting across all organizations without impeding local missions.
b. In addition to the structures that facilitate DoD s major decision processes (e.g., the Joint
Chiefs of Staff Joint Capabilities Integration and Development System described in CJCSI
3170.01 (Reference (cw)), DoDD 7045.14 (Reference (cx)), Reference (au)) cybersecurity
performance is facilitated by the DoD CIO Executive Board in accordance with the DoD CIO
Memorandum (Reference (cy)) and its supporting governance bodies (e.g., IA Senior Leadership
forum, DoD ISRMC).
c. Strategic cybersecurity metrics will be defined, collected, and reported by the DoD CIO in
partnership with the DoD Components. DoD CIO will develop and issue guidance regarding
how cybersecurity metrics are determined, established, defined, collected, and reported.
7. DoD INFORMATION
a. The DoD Information Security Program is described in DoDI 5200.01 (Reference (cz)).
All classified information and CUI must be protected in accordance with References (bs), (by),
(bo), and (bp).
b. DoD s information sharing policies and procedures are defined in DoDD 8320.02
(Reference (da)) and DoD 8320.02-G (Reference (db)). Information sharing actions and
activities will be aligned with the DoD Information Sharing Operational Strategy and Guidance
(see www.dodcio.defense.gov). A security clearance held is an attribute of any identified DoD
person, and that attribute should be discovered and considered when a decision is made to share
classified information. If the information intended to be shared is not classified, then other
attributes associated with the identity of the sharing recipient may need to be discovered before
the sharing is executed. [ Pobierz całość w formacie PDF ]