Across the US Department of Defense (DoD), a number of organizations have published strategies, plans, roadmaps, initiatives, and reference-capabilities documents, all in an effort to depict Defense-wide plans, requirements, and outstanding needs for Information Assurance (IA) technologies. These various documents can be said to generally fall into two areas: documents that characterize IA plans and requirements and documents that depict Computer Network Defense (CND) plans and requirements. Even though CND is formally acknowledged as a discipline within IA, as depicted in their strategic and planning documents, the focus and priorities of CND planners often differ significantly from those of broader IA planners. Moreover, even within the IA or CND discipline, there are often conflicts among the visions depicted in different organizations’ strategic or planning documents. This multiplicity of documents, all ostensibly containing complementary if not duplicative objects but reflecting different viewpoints, led the Cyber Security and Information Systems Information Analysis Center (CSIAC) Steering Committee to question whether it was possible to analyze the full range of DoD IA and CND plans and requirements contained in those documents to (1) reveal areas of unnecessary duplication and unexpected disjuncture and (2) to identify significant omissions. A team of CSIAC IA Subject Matter Experts (SMEs) was tasked by the Steering Committee to perform an analysis of a broad, representative set of DoD IA and CND documents published by several different DoD organizations.
Also inside:
– Dartmouth College
– The Kerf Toolkit for Intrusion Analysis
–
– Integrating Information Assurance into the DoD Acquisition System
– Threats Posed by and to 802.11 Wireless Networks
– Careless Keystrokes Can Kill
– CSIAC Spotlight on Research: Dartmouth College
– CSIAC Spotlight on Subject Matter Expert (SME): Dr. Sergey Bratus