{"title":"国防部指令85002“信息保障(IA)实施”回顾","authors":"P. Campbell","doi":"10.1109/CCST.2012.6393557","DOIUrl":null,"url":null,"abstract":"From the time of its publication on February 6, 2003, the Department of Defense Instruction 8500.2 “Information Assurance (IA) Implementation” (DoDI 8500.2) has provided the definitions and controls that form the basis for IA across the DoD. This is the document to which compliance has been mandatory. For over 9 years, as the world of computer security has swirled through revision after revision and upgrade after upgrade, moving, for example, from DITSCAP to DIACAP, this instruction has remained unrevised, in its original form. As this venerable instruction now nears end of life it is appropriate that we step back and consider what we have learned from it and what its place is in context. In this paper we first review the peculiar structure of DoDI 8500.2, including its attachments, its “Subject Areas,” its “baseline IA levels,” its implicit use of type, signatures (full, half, left, and right), and signature patterns, along with span, and class. To provide context and contrast we briefly present three other control sets, namely (1) the DITSCAP checklists that preceded DoDI 8500.2, (2) the up and coming NIST 800-53 that it appears will follow DoDI 8500.2, and (3) Cobit from the commercial world. We then compare the scope of DoDI 8500.2 with those three control sets. The paper concludes with observations concerning DoDI 8500.2 and control sets in general.","PeriodicalId":405531,"journal":{"name":"2012 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Department of Defense Instruction 8500.2 “Information Assurance (IA) Implementation:” A retrospective\",\"authors\":\"P. Campbell\",\"doi\":\"10.1109/CCST.2012.6393557\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"From the time of its publication on February 6, 2003, the Department of Defense Instruction 8500.2 “Information Assurance (IA) Implementation” (DoDI 8500.2) has provided the definitions and controls that form the basis for IA across the DoD. This is the document to which compliance has been mandatory. For over 9 years, as the world of computer security has swirled through revision after revision and upgrade after upgrade, moving, for example, from DITSCAP to DIACAP, this instruction has remained unrevised, in its original form. As this venerable instruction now nears end of life it is appropriate that we step back and consider what we have learned from it and what its place is in context. In this paper we first review the peculiar structure of DoDI 8500.2, including its attachments, its “Subject Areas,” its “baseline IA levels,” its implicit use of type, signatures (full, half, left, and right), and signature patterns, along with span, and class. To provide context and contrast we briefly present three other control sets, namely (1) the DITSCAP checklists that preceded DoDI 8500.2, (2) the up and coming NIST 800-53 that it appears will follow DoDI 8500.2, and (3) Cobit from the commercial world. We then compare the scope of DoDI 8500.2 with those three control sets. The paper concludes with observations concerning DoDI 8500.2 and control sets in general.\",\"PeriodicalId\":405531,\"journal\":{\"name\":\"2012 IEEE International Carnahan Conference on Security Technology (ICCST)\",\"volume\":\"34 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-12-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE International Carnahan Conference on Security Technology (ICCST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCST.2012.6393557\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE International Carnahan Conference on Security Technology (ICCST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2012.6393557","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Department of Defense Instruction 8500.2 “Information Assurance (IA) Implementation:” A retrospective
From the time of its publication on February 6, 2003, the Department of Defense Instruction 8500.2 “Information Assurance (IA) Implementation” (DoDI 8500.2) has provided the definitions and controls that form the basis for IA across the DoD. This is the document to which compliance has been mandatory. For over 9 years, as the world of computer security has swirled through revision after revision and upgrade after upgrade, moving, for example, from DITSCAP to DIACAP, this instruction has remained unrevised, in its original form. As this venerable instruction now nears end of life it is appropriate that we step back and consider what we have learned from it and what its place is in context. In this paper we first review the peculiar structure of DoDI 8500.2, including its attachments, its “Subject Areas,” its “baseline IA levels,” its implicit use of type, signatures (full, half, left, and right), and signature patterns, along with span, and class. To provide context and contrast we briefly present three other control sets, namely (1) the DITSCAP checklists that preceded DoDI 8500.2, (2) the up and coming NIST 800-53 that it appears will follow DoDI 8500.2, and (3) Cobit from the commercial world. We then compare the scope of DoDI 8500.2 with those three control sets. The paper concludes with observations concerning DoDI 8500.2 and control sets in general.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
