Charting the Way to Defense Information Assurance
The Defense Department’s IA Policy Chart features hyperlinks that allow users to stay current with policy changes and origins.
John H. Dittmer VI, a Booz Allen Hamilton associate who is with the project, explains that the information assurance (IA) policy chart allows IA personnel to capture the breadth of IA policies, some of which are unfamiliar to many professionals in the field. “As a former Navy IAO [information assurance officer] and DHS ISSO [Department of Homeland Security information system security officer], I understand the challenges in finding the current versions of the right policy documents for the many IA issues that we face today,” Dittmer offers.
The new chart shows how its policies fit into the department’s IA strategy. It is structured around the department’s four cyber identity and information assurance goals, which in turn are subdivided into activities supporting each goal. The chart identifies each policy’s originator through color coding, which enables IA personnel to track down the sponsoring organization along with personal contact information. It also identifies the underlying legal authority for many of its policies in statutes and federal regulations.
One of the most dynamic capabilities involves an automatic alert feature. This allows a user to be warned automatically whenever the chart changes. Red borders highlight specific policies that have undergone recent change.
The IA chart builds on a concept established by the Office of the Undersecretary of Defense for Acquisition, Technology and Logistics. This chart used color coding and hyperlinks to illuminate department acquisition policies. However, the IA chart goes beyond that by covering policies for building, operating and securing the Global Information Grid.
Most of the policies listed on the IA chart are Defense Department policies, although some have federal government origins. Dittmer explains that the chart’s managers receive weekly updates on all changes in Defense Department-level IA policies, and several individuals are involved in various aspects of IA policy in government. This enables managers to keep abreast of changes both within and outside the department that might affect defense IA policy. These managers also regularly check the chart’s hyperlinks to ensure that they remain valid, and a feedback section on the chart’s web site provides valuable input from users.
For the future, Dittmer relates that planners are considering several ideas. One near-term approach would be to link to other related policy charts as they are developed, particularly in the services. Other Defense Department components have made inquiries about developing their own charts, and some international partners have discussed the possibility of charting their own IA policies, he reports.
Defense Department experts also are looking at creating software apps so that these policies can be accessed by iPhones, BlackBerrys and other smart mobile devices. This information would be presented in a modified mobile version, Dittmer explains.
The chart and background information can be accessed at http://iac.dtic.mil/iatac/ia_policychart.html.