12.1 Information Resources and Technology Management


INFORMATION RESOURCES MANAGEMENT

USMS Policy Directive 12.1, Information Resources and Technology Management. Page 1 of 4 Effective: 3/19/2010

A. Proponent: Assistant Director for Information Technology Division (ITD) and Chief Information Officer (CIO). Telephone: 202-307-9677.

B. Purpose: To establish United States Marshals Service (USMS) policy governing the planning, management, operation, and use of information technology (IT) and information resources (IR). This policy applies to all persons who use USMS IT resources, including but not limited to employees, contractors, task force officers, and interns. This policy applies to classified and unclassified computer and telecommunications systems, technology, peripheral devices, and resources that are acquired for use by, owned, operated, or managed by USMS offices and users.

C. Authority: References to selected laws and regulations applicable to this policy directive are in Appendix 1, Authority.

D. Policy: ITD is responsible for the promulgation of policy, procedures, management and oversight, and provision of support services for all IR management and IT systems in the USMS. The Tactical Operations Division (TOD) is responsible for the management and provision of support services for secure telecommunications equipment and services.

   1. The Assistant Director for ITD, also known as the CIO, is responsible for:

      a. Advising and assisting the Director, Deputy Director (DD), Associate Directors (AD), Assistant Directors (A/AD), United States Marshals (USM), and other senior USMS staff in order to ensure that the USMS plans, acquires, manages, and uses IT and IR in a manner that enhances mission accomplishment; improves work processes and paperwork reduction; provides sufficient protection for the privacy of personal information; promotes citizen-centered electronic government; and is consistent with all applicable federal laws and policy directives;

      b. Recommending USMS-wide policies, and issuing standards, procedures and guidelines to ensure an effective and integrated approach to IT planning, management, and reporting;

      c. Developing and managing a USMS IT Strategic Plan that supports Department of Justice (DOJ) and USMS mission-oriented goals and performance measures, and is consistent with the laws and regulations affecting IT security;

      d. Developing strategic performance measures which apply to the objectives in the DOJ IT Strategic Plan; and

      e. Developing, maintaining, and implementing the USMS Enterprise Architecture (EA) program. The EA program guides the selection and implementation of the USMS IT investments. The EA program:

         1) Defines the various elements of USMS architecture, connections to departmental and federal architecture, and the interaction with other DOJ component architectures;

         2) Delivers optimum IR requirements necessary to support DOJ's mission and strategic goals, thereby facilitating consolidated, centralized, and integrated component IT services which improve information access, quality, and economies of scale;

         3) Identifies the IT capabilities required to achieve USMS IT strategic goals and specifies a plan to develop, acquire, and integrate those capabilities into DOJ's architecture;

         4) Ensures compliance with the Office of Management and Budget (OMB) federal architecture guide, standards, and requirements; and

         5) Ensures that USMS IT investments are aligned with DOJ architecture, and that those investments are delivering the expected technical and functional performance results.

      f. Administering the IT Investment Management (ITIM) program. The CIO:

         1) Establishes and maintains a USMS-wide enterprise portfolio management process that manages USMS investments from inception to retirement;

         2) Integrates the USMS enterprise portfolio management process into the USMS budget process and manages the IT portion of the budget process; and

         3) Ensures compliance with OMB federal investment management guidance and with DOJ and OMB reporting requirements.

      g. Administering and coordinating USMS IT acquisition management with the Assistant Director for the Financial Services Division (FSD). The IT acquisition management process:

         1) Is governed by the Federal Acquisition Regulations (FAR) and by the Justice Acquisition Regulations (JAR), Circulars, and Procurement Guidance Documents (PGD);

         2) Includes the completion of key activities for acquiring products and services, including the identification of discrete units of work or modules to be contracted, market research, identification of competition, potential contracting sources, contract types and budget and funding;

         3) Addresses risks and provides the appropriate incentives for contractors to perform based on the government's expectations;

         4) Develops an acquisition strategy for all major IT projects, which shall be revised whenever significant changes occur during the life cycle of the IT project;

         5) Utilizes acquisition planning to direct procurements throughout the life cycle of the major IT project;

         6) Utilizes DOJ and General Services Administration (GSA) enterprise license agreements, if available, and adheres to OMB policy directives to procure products and services required for IT projects;

         7) Utilizes modular contracting to acquire major IT systems to the maximum extent feasible to provide incremental benefits and costs versus lengthier contract delivery approaches. Contracts and modules shall be aligned with current and anticipated program funding. Contracts shall contain discrete units of work as identified in the acquisition strategy;

         8) Utilizes Statements of Work (SOWs) which reference all of the relevant DOJ IT policies, the EA, and other standards including the Technical Reference Model (TRM), where compliance is required for the acquisition of IT products and services; and

         9) Requires contractors to use an earned value management system to monitor and report on project cost and schedule performance outcomes.

      h. Ensuring Privacy Impact Assessments (PIAs) are:

         1) Conducted in accordance with the E-Government Act of 2002 and applicable DOJ and OMB guidance, including OMB Memorandum 03-22;

         2) Conducted and reviewed prior to the development of a new system (or system modification), ideally when requirements are being analyzed and decisions are being made about data usage and system design; and

         3) Published on a publicly available web site on a page devoted to privacy or to the system for which the PIA was conducted, or Freedom of Information Act (FOIA) electronic reading room.

      i. Ensuring the compliance with and implementation of USMS-wide policy and procedures concerning the accessibility of DOJ information technology by federal employees, contractors, and members of the public sector, as specified by 1998 Amendment to Section 508 of the Rehabilitation Act.

      j. Assessing IT human capital needs and requirements and developing and implementing strategies and plans for meeting these needs and requirements.

      k. Reviewing and evaluating:

         1) The performance of USMS IT programs and projects; and

         2) IT funding requests, including reprogramming actions.

      l. Providing IT services and operations to the USMS.

      m. Delegating responsibilities, as necessary, for the effective and efficient operation of the USMS IR program and IT systems.

      n. Consulting and coordinating, as appropriate, with the Office of General Counsel (OGC) to identify legal issues and ensure compliance with the E-Government Act of 2002, the Privacy Act of 1974, and other applicable statutes and regulations.

   2. The Security Program Manager (SPM): The designation of a USMS security officer is intended to establish clear accountability for setting policy for all security matters, including personnel, physical, IT, and information security activities. The SPM for the USMS is the Chief of the Office of Security Programs (OSP) within TOD.

E. Procedures:

   1. All requests for waivers to this policy are to be submitted in writing, e-mail is acceptable, to the CIO, who will direct the request to the appropriate USMS official for approval.

   2. Procedures associated with the management, use, allocation, deployment, and accountability of USMS IT resources and systems are found in Policy Directive 12.2, The Management, Use, Allocation, Deployment, and Accountability of United States Marshals Service (USMS) Information Technology (IT) Resources and Systems.

   3. Procedures associated with USMS user accounts and IT system accesses are found in Policy Directive 12.3, Information Technology Account Management and User Support.

   4. Procedures associated with the acquisition, management and use of network and telecommunications services and equipment are found in Policy Directive 12.4, Guidelines for Telecommunications Requests.

   5. Procedures associated with ITIM, the IT strategic plan, and IT change management processes are found in Policy Directive 12.5, Investment Management.

   6. Procedures associated with Intranet and Internet web management and E-Government are found in Policy Directive 12.6, E-Government/Web Management.

   7. Procedures associated with IT security management are found in Policy Directive 12.7, Information Technology (IT) Security.

F. Definitions: References to selected terms and definitions applicable to this policy directive are in Appendix 2, Definitions.

G. Cancellation Clause: