AR380-19

From Wikipedia, the free encyclopedia

US AR 380-19 is Information Systems Security US Army Regulation.

Major sections:

  • Computer Security.
  • Automated Information system Accreditaion.
  • Communications Security.
  • Risk Management.

Contents

[edit] Summary

This publication introduces the concept of site-based accreditation, provides new policies for the use of laptop and small deployable computers and for the use of the Internet and Homepages, and issues minimum requirements for degaussing, declassifying, and downgrading of information and media.

AR 380-19 was superseded by AR 25-2 Information Assurance in 2003.

This regulation is an update to meet changing information system security (ISS) policies and directives for all Army automated information systems (AIS); it implement the transition to site-based accreditation (SBA) concepts and requirements for those Army intelligence systems subject to Defense Intelligence Agency (DIA) or National Security Agency (NSA) directives derived from Director, Central Intelligence, Directive (DCID) 1/16. This regulation implements the ISS portion of the Command and Control Protect (C2 Protect) component of the Army's Information Operations (IO) program as defined in Field Manual (FM) 100-6 and AR 525-20.

This regulation implements national and Department of Defense (DOD) guidance contained in DOD directives governing security for information in an electronic form, including DOD Directives 5200.28, 5200.5, and 5200.19 (when used in conjunction with AR 381-14). It also provides the Army's implementation of sections 1 through 8, Act of 8 January 1988, Public Law (PL) 100-235, U.S. Statute (Stat) 101, pp. 1,724-1,730, cited as the Computer Security Act of 1987. This regulation designates ISS as the security discipline that encompasses communications security (COMSEC), and computer security (COMPUSEC). It defines the Army Information Systems Security Program (AISSP) and prescribes a structure for implementing that program. This regulation provides specific policy on accreditation of AIS and networks. It also provides minimum security standards for transmitting classified and sensitive unclassified information.

[edit] Applicability

. This regulation applies to the Active Army, the Army National Guard (ARNG), and the United States Army Reserve (USAR). It applies to contractors who operate Government-owned or contractor-owned, AIS that process or store Army information. Contractors who process Sensitive But Unclassified (SBU) information on contractor-owned AIS are governed by this regulation if specified in the contractual requirements or if they connect to an installation AIS/network system. All of the above must comply with sections 1 through 8, Act of 8 January 1988, PL 100-235, 101 Stat 1,724-1,730.

During mobilization, deployment, or national emergency, this regulation remains in effect without change.

[edit] References

AR 380-19 in the FAS website

[edit] See also