Department of Defense (DoD) Policy
The following policy is aimed at ensuring that the best technology services are provided by my organization to the Department of Defense (herein referred to as DoD) without in any way jeopardizing their security apparatus and operations. The main principle behind the policy is the commitment of my organization to fully satisfy our clients so that they never regret working with us. Customer satisfaction is our main goal, and that can only be achieved by creating and implementing an apparatus that will see our old customers come back for our services year in, year out. Customer privacy and adherence to customer needs are always the main instruments of keeping our customers satisfied.
The policy is aimed at ensuring that the provision of technology services to the U.S. Air Force Cyber Security Center (AFCSC) is done at the highest possible level of security adherence, as per the standards of the DoD. Furthermore, the policy will ensure increased efficiency and quality of services to DoD. The policy will also ensure that genuine hardware is used and that the entire physical network necessary for the creation, implementation, storage and retrieval of technological services is maintained at the highest standards as put forward by DoD.
In our endeavor to effectively implement the policy, we will adhere to Subchapter III of Chapter 35 of Title 44, United States Code (the Federal Information Security Management Act (FISMA) of 2002), DoD Instruction 8500.2, DoD Directive 8100.1, and DoD Directive 8500.01E. This will help our organization to effectively fulfill the needs of DoD during our period of working together. Furthermore, we will follow the necessary provisions as provided for in DoDI 8510.01, November 28, 2007. This will allow us to work as part of DoD.
To ensure that we provide the best service, we will create a team that will be allocated to the DoD contract. This will allow the team to concentrate fully on the project and to hold all the necessary contacts with the client. This will increase efficiency and accuracy, as there will be fewer people dealing with the client, and those who do will have intensive interaction. In case of an error in service delivery, we will be able to determine its source rather than following up with all the employees in our organization. Tracing the source of information leakages, in case they happen, is therefore easier.
We will allow the department to check both the software and the hardware that we will use to handle their project. This will be done through their procedural check on the software and hardware. Our 12 servers running Microsoft (MS) Server 2008 R2, and any additions, will be maintained, and a backup copy will be retained at a safe location. The servers will have passwords and limited access so that only authorized access is allowed.
With the newly set standards for data and information handling in the DoD, my organization will follow the new Defense Federal Acquisition Regulation Supplement (DFARS). This will help us ensure that data is kept safe and is only handled by authorized personnel. Our software will also have limitations and barriers with security codes, passwords and other security measures that will be regularly changed to reduce the chances of illegal access. The 390 personal computers will also be redistributed, and the team handling the DoD contract separated from the rest. Their system access will be different due to the sensitive nature of their contract. We understand that leakages of defense information could have disastrous effects on the national security organs.
The software on the PCs would be updated every two days to ensure high data security. This would protect the data from any loss through viruses and other software malfunctions. Long-term software such as Adobe Reader and Microsoft Windows would be updated every time a new version is available in the market. This would ensure efficiency in data management and eventually in the provision of technology-related services.
The desired outcome of the policy is mainly the satisfaction of the client, especially with the security of information and access. All the information that is not public must remain so, and information must be taken to the right people at all times. Questionnaires and other periodic reports will be used to determine the success of the policy.
Whether the information transfer system is watertight will be determined by following up on the amount of information that is reported by the media.
Due to the sensitivity of the services provided to the DoD, this policy will be reviewed every three months. This will allow both parties to come up with better strategies and the means to implement them before the whole information system is interfered with by undesired parties.
The Department of Defense has, among others, the following protections over its information:
- Posting of information on websites is prohibited unless such information is restricted through the use of digital certificates, passwords, or other digital identification tools.
- The contractor is required to use the highest level of available security measures on information passed through technological tools and channels such as text messages and emails.
- When information is transmitted electronically, its recipient should be assured.
- All information must be protected at all times, whether physically or electronically.
- Before disposal, media should be sanitized.
- All the antivirus and data protection software should be updated as frequently as possible.