PERSONALLY IDENTIFIABLE INFORMATION (PII) BRIEFING


1 PERSONALLY IDENTIFIABLE INFORMATION (PII) BRIEFING
Key Issue: The continued loss of PII is placing our Soldiers in jeopardy.
Other issues:
Sensitive Data is being lost
Found by those hostile to our way of life
FOUO Data leaving the installations is making its way to the public & others.

2 ALARACT 147/2007 ARMY PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) AWARENESS
REQUIREMENTS ALREADY EXIST, are not being met
Commanders/Directors accountable
Requirements (long list) must be met and reported NLT 27 JULY 2007 (NLT 1 Aug07 to HQDA)
COMPLETE ALARACT
ALARACT 147/2007 ARMY PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) AWARENESS, DTG Z JUL 07. This message from the VCSA discusses the loss of PII, and begins as follows: “The continued loss of PII is placing our Soldiers in jeopardy. In light of the type and quantity of PII incidents that have occurred in the past twelve months, I am directing in coordination with the CIO/G6 that the Army comply with the tasks listed in para 3 which focus on computer security and PII protection. All Army Commands (ACOM), Army Service Component Commands (ASCC), Direct Reporting Units (DRU), Army Staff, PEOS, and agencies will execute these tasks within thirty days of the date of this message.”
PII is defined as any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual's identity. For example: name, social security number, date and place of birth, mother’s maiden name, biometric records.
Compliance with this message must be reported to the Army Operations Center POC listed in the message.
Classification: UNCLASSIFIED
Caveats: NONE
PAAUZYUW RUEWMCS UUUU--RUHQUSU. ZNR UUUUU ZUI RUEWMCE P Z JUL 07
FM PTC WASHINGTON DC//ALARACT//
TO ALARACT AL ALARACT(UC)
BT
UNCLAS
********* THIS IS A COMBINED MESSAGE *********
SUBJ: ALARACT 147/2007
THIS MESSAGE HAS BEEN SENT BY THE PENTAGON TELECOMMUNICATIONS CENTER ON BEHALF OF DA WASHINGTON DC//SAIS-ZA//
ARMY VCSA SENDS:
SUBJECT: ARMY PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) AWARENESS
REF A: OFFICE OF MANAGEMENT AND BUDGET MEMORANDUM M-06-19, 12 JULY 2006, SUBJECT: REPORTING INCIDENTS INVOLVING PII AND INCORPORATING THE COST FOR SECURITY IN AGENCY INFORMATION TECHNOLOGY INVESTMENTS.
REF B: DEPARTMENT OF DEFENSE MEMORANDUM, 18 AUGUST 2006, SUBJECT: DEPARTMENT OF DEFENSE (DOD) GUIDANCE ON PROTECTING PERSONALLY IDENTIFIABLE INFORMATION (PII).
REF C: ALARACT MESSAGE DATED Z OCT 06 SUBJECT: ARMY DATA-AT-REST (DAR) PROTECTION STRATEGY.
REF D: ARMY CIO/G6 MEMORANDUM DATED 28 SEP 2006 SUBJECT: ARMY DATA-AT-REST (DAR) PROTECTION STRATEGY.
REF E: MICROSOFT (MS) WINDOWS XP PRO. OS ENCRYPTING FILE SYSTEM (EFS) BEST BUSINESS PRACTICE (BBP), TITLED, DATA-AT-REST (DAR) PROTECTION MOBILE DEVICES USING EFS IMPLEMENTATION DATED 12 OCT 2006.
REF F: OFFICE OF MANAGEMENT AND BUDGET MEMORANDUM M-06-16, 23 JUNE 2006, SUBJECT: PROTECTION OF SENSITIVE AGENCY INFORMATION.
REF G: ALARACT MESSAGE DATED Z FEB 06 SUBJECT: ARMY ACCELERATED IMPLEMENTATION OF COMMON ACCESS CARD CRYPTOGRAPHIC NETWORK LOGON.
1. (FOUO) THE CONTINUED LOSS OF PII IS PLACING OUR SOLDIERS IN JEOPARDY. IN LIGHT OF THE TYPE AND QUANTITY OF PII INCIDENTS THAT HAVE OCCURRED IN THE PAST TWELVE MONTHS, I AM DIRECTING IN COORDINATION WITH THE CIO/G6 THAT THE ARMY COMPLY WITH THE TASKS LISTED IN PARA 3 WHICH FOCUS ON COMPUTER SECURITY AND PII PROTECTION. ALL ARMY COMMANDS (ACOM), ARMY SERVICE COMPONENT COMMANDS (ASCC), DIRECT REPORTING UNITS (DRU), ARMY STAFF, PEOS, AND AGENCIES WILL EXECUTE THESE TASKS WITHIN THIRTY DAYS OF THE DATE OF THIS MESSAGE.
1.1 PII IS ANY INFORMATION ABOUT AN INDIVIDUAL MAINTAINED BY AN AGENCY, INCLUDING, BUT NOT LIMITED TO, EDUCATION, FINANCIAL TRANSACTIONS, MEDICAL HISTORY, AND CRIMINAL OR EMPLOYMENT HISTORY AND INFORMATION WHICH CAN BE USED TO DISTINGUISH OR TRACE AN INDIVIDUAL'S IDENTITY. FOR EXAMPLE: NAME, SOCIAL SECURITY NUMBER, DATE AND PLACE OF BIRTH, MOTHERS MAIDEN NAME, BIOMETRIC RECORDS.
1.2 IT MUST BE CLEAR THAT PROTECTION OF PII IS A FORCE PROTECTION ISSUE THAT IS A COMMANDERS AND INDIVIDUALS RESPONSIBILITY. LOSS OF PII REPRESENTS A SECURITY BREACH THAT ADVERSELY AFFECTS OUR ARMY AS PII CAN BE EXPLOITED NOT ONLY BY CRIMINALS WHO STEAL IDENTITIES OF OUR PERSONNEL, BUT ALSO BY OUR ADVERSARIES.
2. (FOUO) IN THE PAST TEN MONTHS, THERE WERE 86 ARMY PII INCIDENTS REPORTED. OF THESE, 78 PERCENT WERE THE RESULT OF LOST OR STOLEN LAPTOPS WITH A TOTAL OF 103,939 INDIVIDUALS AFFECTED. IN MANY INCIDENTS THE LOSS OF PII WAS A RESULT OF LAPTOP COMPUTERS STOLEN FROM UNATTENDED PRIVATE OR GOVERNMENT VEHICLES. THE LAPTOPS WERE LEFT VISIBLE AND PERPETRATORS GAINED ACCESS BY BREAKING VEHICLE WINDOWS. FURTHERMORE, OUT OF 64 LOST OR STOLEN LAPTOPS, 43 (67%) HAD NO DATA AT REST (DAR) PROTECTION AND WERE NOT IN COMPLIANCE WITH REFERENCE C.
3. (FOUO) IN LIGHT OF THESE EVENTS, COMMANDERS / STAFF DIRECTORS WILL HAVE THEIR ORGANIZATIONS COMPLETE THE TASKS LISTED IN PARAGRAPH 3 NLT 30 DAYS FROM THE DATE OF THIS MESSAGE AND REPORT COMPLIANCE TO THE ARMY OPERATIONS CENTER POC LISTED IN PARAGRAPH 6. THIS REQUIREMENT APPLIES TO SOLDIERS, DEPARTMENT OF ARMY CIVILIANS AND ARMY CONTRACTORS WHO WORK FOR YOUR ORGANIZATION.
3.1 COMPLY WITH DAR MESSAGE (REFERENCE C) AND ARMY ACCELERATED IMPLEMENTATION OF COMMON ACCESS CARD CRYPTOGRAPHIC NETWORK LOGON (REFERENCE G).
3.1.1 ENSURE ALL HIGH RISK MOBILE INFORMATION SYSTEMS AUTHORIZED FOR TRAVEL (I.E. LAPTOPS AND REMOVABLE STORAGE DEVICES SUCH AS THUMBDRIVES) ARE IDENTIFIED AND APPROPRIATELY CONFIGURED AND LABELED.
3.1.2 ENSURE LAPTOPS AUTHORIZED FOR TRAVEL ARE PROPERLY CONFIGURED FOR ENCRYPTING DATA AT REST USING AN ARMY APPROVED DAR SOLUTION OR IAW THE BEST BUSINESS PRACTICES IDENTIFIED IN REF E.
3.1.3 IAW REF G, THESE LAPTOPS WILL BE REQUIRED TO USE CAC CRYPTOGRAPHIC LOGON (CCL) FOR WINDOWS DOMAIN LOGON THROUGH GROUP POLICY OBJECT (MACHINE-BASED) ENFORCEMENT TO ELIMINATE THE USE OF USERID/PASSWORD AS A MEANS FOR DEVICE OR NETWORK ACCESS. THE USE OF CAC/PKI FOR ACCESS CONTROL COMBINED WITH ENCRYPTION OF DATA AT REST PROVIDES STRONG PROTECTION OF PII AND SENSITIVE DATA ON HIGH RISK MOBILE DEVICES.
3.1.4 LABELS ON LAPTOPS MUST STATE THAT THE SYSTEM IS PROTECTED BY A DAR SOLUTION AND AUTHORIZED FOR TRAVEL IAW ALARACT MESSAGE DATED Z OCT 06 SUBJECT: ARMY DATA-AT-REST (DAR) PROTECTION STRATEGY. LABELING ALSO APPLIES TO REMOVEABLE STORAGE DEVICES SUCH AS THUMBDRIVES IF THE DAR SOLUTION SUPPORTS REMOVEABLE MEDIA. ADDITIONALLY, PERSONALLY OWNED THUMBDRIVES THAT ARE USED IN AND AROUND THE GOVERNMENT WORKSPACE, WILL BE LABELED AS PERSONAL AND WILL NOT BE USED FOR STORING ANY GOVERNMENT DATA OR PII.
3.1.5 LAPTOPS NOT IN FULL COMPLIANCE WILL NOT HAVE THE DAR LABEL AFFIXED AND ARE NOT AUTHORIZED FOR TRAVEL.
3.1.6 ENSURE TRAVELERS ARE TRAINED ON PROCEDURES TO ENCRYPT AND DECRYPT SENSITIVE DATA USING ARMY APPROVED SOLUTIONS.
3.1.7 FOR ORGANIZATIONS WITH AN EXISTING DAR ENCRYPTION CAPABILITY, EXTEND WITHIN THE LIMITS OF CURRENT RESOURCES THOSE CAPABILITIES TO ALL REMAINING INFORMATION SYSTEMS WHERE DATA IS AT RISK. ORGANIZATIONS ARE NOT TO EXPEND RESOURCES IN ACQUIRING ADDITIONAL LICENSES TO COVER UNPROTECTED SYSTEMS. THE ARMY, ALONG WITH DOD AND OTHER FEDERAL AGENCIES PARTICIPATED IN A FEDERAL GOVERNMENT WIDE DAR ENCRYPTION ACQUISITION WHICH YIELDED MULTIPLE ENCRYPTION PRODUCTS. THE ARMY IS FINALIZING ITS DAR PROCUREMENT STRATEGY AND WILL RELEASE UPDATED POLICY THAT WILL IDENTIFY THE APPROVED PRODUCT(S) FOR USE BY ALL ARMY ACTIVITIES IN THE NEAR FUTURE.
3.2 ALL ASSIGNED PERSONNEL WILL COMPLETE THE ARMY G3 COMPUTER SECURITY TRAINING AND THE PROTECTION OF EXTERNAL REMOVABLE MEDIA TRAINING PACKAGES ARE LOCATED AT THE ARMYS VIRTUAL INFORMATION ASSURANCE TRAINING URL LOG IN OR REGISTER AND THEN CLICK LESSON OPTIONS/SELECT MODULE AND SELECT THUMB DRIVE AWARENESS OR ARMY G3 COMPUTER SECURITY TRAINING.
3.3 ESTABLISH A SYSTEM TO REVIEW NEW MOBILE/LAPTOPS THAT ENTER THE UNITS INVENTORY FOR AN "AUTHORIZATION TO TRAVEL" STATUS AND APPLICABLE MARKINGS THAT A DAR SOLUTION WAS APPLIED AND IS USED TO ENCRYPT FOUO AND PII INFORMATION.
4. (U) REPORTING. AS OUTLINED IN PARAGRAPH 3, COMMANDS WILL EXECUTE THESE TASKS WITHIN THIRTY DAYS OF THE DATE OF THIS MESSAGE.
4.1 ACOMS, ASCCS, DRUS AND ARMY STAFF WILL ACKNOWLEDGE RECEIPT OF THIS MESSAGE WITHIN 72 HOURS AND PROVIDE THE UNIT POC TO THE ARMY AOC AT COMM (703) , DSN OR
4.2 (U) ACOMS, ASCCS, DRUS, ARMY STAFF, PEOS AND AGENCIES WILL REPORT ATTAINMENT OF 100 PERCENT COMPLIANCE WITH THE TASKS OUTLINED IN PARAGRAPH 3. POC FOR REPORTING COMPLIANCE IS THE ARMY AOC POC LISTED IN PARA 6. THERE IS NO REQUIREMENT FOR INCREMENTAL REPORTING.
5. (FOUO) I CANNOT EMPHASIZE ENOUGH THE IMPORTANCE IN PROTECTING THE PERSONAL INFORMATION OF OUR FORMATIONS. FAILING TO PROVIDE ADEQUATE PROTECTION PLACES OUR FORCES IN JEOPARDY AND IS AN UNNECESSARY RISK.
6. (FOUO) POCS FOR THIS MESSAGE ARE: COMPLIANCE CONTACT AOC AT COMM: (703) DSN DAR IMPLEMENTATION CONTACT MS AMY HARDING NETCOM ESTA, COMM: (703) ; IA TRAINING CONTACT MR. RON STURMER ESTA COMM: (703) FOIA AND PII REPORTING PROCEDURES CONTACT ROBERT DICKERSON, COMM (703)
DISTRIBUTION:
PRINCIPAL OFFICIALS OF HEADQUARTERS, DEPARTMENT OF THE ARMY
COMMANDER:
U.S. ARMY FORCES COMMAND
U.S. ARMY TRAINING AND DOCTRINE COMMAND
U.S. ARMY MATERIEL COMMAND
U.S. ARMY EUROPE
U.S. ARMY CENTRAL
U.S. ARMY NORTH
U.S. ARMY SOUTH
U.S. ARMY PACIFIC
U.S. ARMY SPECIAL OPERATIONS COMMAND
MILITARY SURFACE DEPLOYMENT AND DISTRIBUTION COMMAND
U.S. ARMY SPACE AND MISSILE DEFENSE COMMAND/ARMY STRATEGIC COMMAND
EIGHTH U.S. ARMY
UNITED STATES ARMY NETWORK ENTERPRISE TECHNOLOGY COMMAND/9TH SIGNAL COMMAND
U.S. ARMY MEDICAL COMMAND
U.S. ARMY INTELLIGENCE AND SECURITY COMMAND
U.S. ARMY CRIMINAL INVESTIGATION COMMAND
U.S. ARMY CORPS OF ENGINEERS
U.S. ARMY MILITARY DISTRICT OF WASHINGTON
U.S. ARMY TEST AND EVALUATION COMMAND
U.S. MILITARY ACADEMY
U.S. ARMY RESERVE COMMAND
U.S. ARMY ACQUISITION AND SUPPORT CENTER
US ARMY INSTALLATION MANAGEMENT COMMAND
EXPIRATION DATE CANNOT BE DETERMINED
BT
#9838
NNNN
Classification: UNCLASSIFIED
Caveats: NONE

3 PERSONALLY IDENTIFIABLE INFORMATION (PII) AWARENESS
JRTC & FT. Polk Commanders & Directors:
WILL HAVE THEIR ORGANIZATIONS COMPLETE THE TASKS LISTED IN PARAGRAPH 3 of ALARACT 147/2007
REPORT COMPLIANCE: (Brigades & Directorates consolidate and send one report to DOIM) NLT 1200hrs 27 Jul (HQDA deadline 1Aug07)
REQUIREMENT APPLIES TO SOLDIERS, DA CIVILIANS AND ARMY CONTRACTORS ON THE INSTALLATION.

4 Briefing END End of: PII “Briefing in a Nutshell”
Specific Tasks Follow. Details to follow in OPORD (not produced as of 9JUL hrs)

5 TASKS
COMPLY WITH DAR MESSAGE (REFERENCE C) AND ARMY ACCELERATED IMPLEMENTATION OF COMMON ACCESS CARD CRYPTOGRAPHIC NETWORK LOGON (REFERENCE G)
ENSURE ALL HIGH RISK MOBILE INFORMATION SYSTEMS AUTHORIZED FOR TRAVEL (I.E. LAPTOPS AND REMOVABLE STORAGE DEVICES SUCH AS THUMBDRIVES) ARE IDENTIFIED AND APPROPRIATELY CONFIGURED AND LABELED.

6 TASKS
ENSURE LAPTOPS AUTHORIZED FOR TRAVEL ARE PROPERLY CONFIGURED FOR ENCRYPTING DATA AT REST USING AN ARMY APPROVED DAR SOLUTION OR IAW THE BEST BUSINESS PRACTICES IDENTIFIED IN REF E.
3.1.3 IAW REF G, THESE LAPTOPS WILL BE REQUIRED TO USE CAC CRYPTOGRAPHIC LOGON (CCL) FOR WINDOWS DOMAIN LOGON THROUGH GROUP POLICY OBJECT (MACHINE-BASED) ENFORCEMENT TO ELIMINATE THE USE OF USERID/PASSWORD AS A MEANS FOR DEVICE OR NETWORK ACCESS. THE USE OF CAC/PKI FOR ACCESS CONTROL COMBINED WITH ENCRYPTION OF DATA AT REST PROVIDES STRONG PROTECTION OF PII AND SENSITIVE DATA ON HIGH RISK MOBILE DEVICES.

7 TASKS
3.1.4 LABELS ON LAPTOPS MUST STATE THAT THE SYSTEM IS PROTECTED BY A DAR SOLUTION AND AUTHORIZED FOR TRAVEL IAW ALARACT MESSAGE DATED Z OCT 06 SUBJECT: ARMY DATA-AT-REST (DAR) PROTECTION STRATEGY. LABELING ALSO APPLIES TO REMOVEABLE STORAGE DEVICES SUCH AS THUMBDRIVES IF THE DAR SOLUTION SUPPORTS REMOVEABLE MEDIA. ADDITIONALLY, PERSONALLY OWNED THUMBDRIVES THAT ARE USED IN AND AROUND THE GOVERNMENT WORKSPACE, WILL BE PROHIBITED OR LABELED AS *PERSONAL* AND WILL NOT BE USED FOR STORING ANY GOVERNMENT DATA OR PII.

8 TASKS LAPTOPS NOT IN FULL COMPLIANCE WILL NOT HAVE THE DAR LABEL AFFIXED AND ARE NOT AUTHORIZED FOR TRAVEL. ENSURE TRAVELERS ARE TRAINED ON PROCEDURES TO ENCRYPT AND DECRYPT SENSITIVE DATA USING ARMY APPROVED SOLUTIONS.

9 TASKS FOR ORGANIZATIONS WITH AN EXISTING DAR ENCRYPTION CAPABILITY, EXTEND WITHIN THE LIMITS OF CURRENT RESOURCES THOSE CAPABILITIES TO ALL REMAINING INFORMATION SYSTEMS WHERE DATA IS AT RISK. ORGANIZATIONS ARE NOT TO EXPEND RESOURCES IN ACQUIRING ADDITIONAL LICENSES TO COVER UNPROTECTED SYSTEMS. THE ARMY, ALONG WITH DOD AND OTHER FEDERAL AGENCIES PARTICIPATED IN A FEDERAL GOVERNMENT WIDE DAR ENCRYPTION ACQUISITION WHICH YIELDED MULTIPLE ENCRYPTION PRODUCTS. THE ARMY IS FINALIZING ITS DAR PROCUREMENT STRATEGY AND WILL RELEASE UPDATED POLICY THAT WILL IDENTIFY THE APPROVED PRODUCT(S) FOR USE BY ALL ARMY ACTIVITIES IN THE NEAR FUTURE.

10 TASKS ALL ASSIGNED PERSONNEL WILL COMPLETE THE ARMY G3 COMPUTER SECURITY TRAINING AND THE PROTECTION OF EXTERNAL REMOVABLE MEDIA TRAINING PACKAGES ARE LOCATED AT THE ARMY’S VIRTUAL INFORMATION ASSURANCE TRAINING URL LOG IN OR REGISTER AND THEN CLICK LESSON OPTIONS/SELECT MODULE AND SELECT THUMB DRIVE AWARENESS OR ARMY G3 COMPUTER SECURITY TRAINING.

11 TASKS ESTABLISH A SYSTEM TO REVIEW NEW MOBILE/LAPTOPS THAT ENTER THE UNITS INVENTORY FOR AN "AUTHORIZATION TO TRAVEL" STATUS AND APPLICABLE MARKINGS THAT A DAR SOLUTION WAS APPLIED AND IS USED TO ENCRYPT FOUO AND PII INFORMATION.

