Information Assurance (IA)
Information Assurance (IA) is defined by Department of Defense Instruction (DoDI) 8500.01E as "measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation." Successful protection of Department of Defense (DoD) assets requires policy compliance and an understanding of the vulnerabilities humans face when interacting with information systems. Personnel and Readiness Information Management (P&R IM) offers a suite of services to ensure the successful implementation of IA measures and compliance with DoD policy.
P&R IM's Role
P&R IM offers guidance and training in the following areas:
- Department of Defense Information Assurance Certification and Accreditation Program (DIACAP): DIACAP supports the Certification and Accreditation (C&A) of DoD Information Technology (IT) systems by providing the framework and requirements for C&A to be utilized by organizations and system owners. P&R IM provides oversight to and/or manages the C&A process on Defense Human Resources Activity (DHRA) components’ information systems.
- Employee Awareness: Employee awareness is a countermeasure against the vulnerabilities discussed above and a means to reduce human-related risks. To maximize the protection of systems and information, it is essential to maintain a federal workforce that is aware of, trained on, and educated about information security and assurance. P&R IM employee awareness training topics cover a broad spectrum of IA education including:
- Basic principles of IA
- Information accessibility, handling, labeling, and storage protection
- Physical, operational, and environmental information security protection
- Privacy Act and Personally Identifiable Information (PII) protection
- Common information security threats, vulnerabilities, and risks
- Information Assurance Vulnerability Management (IAVM): IAVM employs positive control mechanisms to mitigate potentially critical software vulnerabilities, through the rapid development and dissemination of actions. P&R IM manages the IAVM program and Computer Network Directives for DHRA. P&R IM produces required documentation, ensures timely reporting of compliance statistics for each Information Assurance Vulnerability Alert (IAVA) and Computer Network Directive, aggregates acknowledgement and compliance reports, and updates the Vulnerability Management System (VMS) accordingly, among other responsibilities.
- Privacy Impact Assessments (PIAs): All DoD agencies must conduct PIAs – evaluations of the privacy impact of any substantially revised or new IT systems that collect, maintain, or disseminate PII and for those systems or projects that convert PII paper-based records to electronic systems. P&R IM helps DHRA and other Human Resources Management (HRM) system owners determine if a PIA is necessary and provides requirements for documentation completion, reviews PIAs for completeness and compliance prior to DoD Chief Information Officer (CIO) submission, and ensures that approved PIAs are posted on each component's website.
For more information on IA at P&R IM, please visit the links provided on this page or contact the P&R IM Representative.