| What's New! | Feedback | Search Tips | Help
1.2.2.2.B.2     Plan Information Systems Security

Mandatory References       Discretionary Practices       Sample Formats       Software Tools

Plan Information Systems Security

Description

Information systems security requirements shall be included as part of program and systems design activities to preserve integrity, availability, and confidentiality of critical program technology and information. System security requirements shall be established and maintained throughout the acquisition life-cycle for all programs, as applicable.

File Owner: Ralph MacMillan
Organization: ODASD(C3)
Email: unavailable
Phone: (703) 693-6685
File Last Reviewed: Mar 98

 
Mandatory References: Top of Page

Mandatory References

DoD 5000.2-R, Mandatory Procedures for Major Defense Acquisition Programs (MDAPs) and Major Automated Information System (MAIS) Acquisition Programs
Go There C2.7.4. Protection of Critical Program Information and Anti-Tamper Provisions
Go There C6.6. Information Assurance

DoDD 5200.28; Security Requirements for Automated Information Systems (AISs);
Go There 2. Applicability and Scope
Go There 4. Policy
Go There 5. Responsibilities
Go There Enclosure 2, Definitions
Go There Enclosure 3, Minimum Security Requirements
Go There Enclosure 4, Procedure for Determining Minimum AIS Computer-Based Security Requirements
Go There Enclosure 5, Network Considerations

DoDD 8000.1; Defense Information Management (IM); Program;
Go There A. Purpose
Go There B. Applicability and Scope
Go There C. Definitions
Go There D. Policy
Go There E. Responsibilities

Air Force Mandatory References

AFPD 14-3; Control, Protection, and Dissemination of Intelligence Information;
Go There

AFI 14-302; Intelligence; Control, Protection, and Dissemination of Sensitive Compartmented Information;
Go There

AFI 14-303; Release of Collateral Intelligence to US Contractors;
Go There

AFPD 16-2; Operations Support; Disclosure of Military Information to Foreign Governments and International Organizations;
Go There

AFPD 31-2; Law Enforcement;
Go There

AFPD 31-4; Information Security;
Go There

Air Force Policy Directive 63-17; Technology and Acquisition Systems Security Program Protection,
Go There

AFI 31-401; Information Security Program Management
Go There

AFI 31-501; Personnel Security Program Management;
Go There

AFI 31-601; Industrial Security Program Management;
Go There

AFI 31-701; Program Protection Planning;
Go There

AFI 31-702; System Security Engineering;
Go There

AFI 31-703; Product Security;
Go There

AFPD 33-2; Information Protection;
Go There

AFI 33-211; Communications Security (COMSEC); User Requirements;
Go There

COMPUSEC References

AFI 33-207, Computer Security Assistance Program
Go There

AFI 65-403, Follow-up on Internal AF Audit Reports,
Go There

AFPD 33-2, Information Protection,
Go There

AFSSI 5021, Vulnerability and Incident Reporting,
Go There

AFSSI 5024, Vol I, The Certification & Accreditation (C&A) Process
Go There

AFSSI 5024, Vol II, The Certifying Official’s Handbook
Go There

AFSSI 5024, Vol III, The Designated Approving Authorities Guide
Go There

SATE References

AFPD 33-2, Information Protection
Go There Paragraph 1, Policy

AFI 33-204, Information Protection Security Awareness, Training, and Education (SATE) Program
Go There

AFMC Sup 1 AFI 33-204, Information Protection, Security Awareness, Training, and Education (SATE) Program
Go There

COMSEC References

AFKAG-1 (Air Force Communications Security [COMSEC] Operations)
Note: Every COMSEC account in the Air Force is required to have this publication on-hand. It is ordered through the COMSEC Material Control System (CMCS) and not the PDO. As an Accounting Legend Code (ALC) 4 COMSEC publication, it can not be placed in the Deskbook.

AFI 33-211; Communications Security (COMSEC); User Requirements;
Go There Paragraph 4, Communications Security Responsibilities

AFMC SUP to AFI 33-211, Communications Security (COMSEC) User Requirements
Go There

AFI 33-212, Reporting COMSEC Deviations,
Go There

AFI 33-217, Voice Call Sign Program,
Go There Paragraph 1, Terms Explained
Go There Paragraph 4, General Information

AFI 33-219, Telecommunications Monitoring and Assessment Program (TMAP),
Go There

AFI 36-2201 Developing, Managing, and Conducting Training;
Go There Chapter 7 Student Production Reporting

AFKAO-1 (USAF Voice Callsign Instructions)
Note: Every COMSEC account supporting activities requiring callsign support are required to have this publication on-hand. It is ordered through the COMSEC Material Control System (CMCS) and not the PDO. As an Accounting Legend Code (ALC) 4 COMSEC publication, it should not be placed in the Deskbook.

AFKAI-1, USAF Voice Callsign Book
Note: Classified CONFIDENTIAL. Cannot be placed in the Deskbook.

AFJQS 491X1-211U (COMSEC Account Management)
Note: This is a three-volume publication with workbooks and testing materials for each volume, and information for trainers, and may be ordered through PDO. It should not be placed in the Deskbook

EMSEC References

AFI 33-203, Emission Security
Go There

 

 
Discretionary Practices: Top of Page

     Command-Wide Practices:

          AFMC - Managing Information Assurance (IA)

          AFMC - Oversight of Communications Security (COMSEC)

          AFMC - Security Awareness, Training & Education (SATE)

 
Sample Formats & Examples: Top of Page

     Command-Wide Sample Format:

          AFMC - Strawman Network Security Plan

          AFMC - Strawman Risk Analysis

          AFMC - Strawman Security, Test, and Evaluation

 
Software Tool Descriptions: Top of Page

DoD - DSS - Electronic Personnel Security Questionnaire (EPS

 

AcqNOW! Subscribe | Web Sites | Events | Software Tools Catalog

Order CD | Knowledge Management | Legal Notices | Privacy and Security


Web Help Desk
helpdesk@dau.mil
703.805.3459

Last Updated: 23, September 2002