• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
Army Regulation 380\u201319
Security

Information
Systems
Security

Headquarters

Department of the Army
Washington, DC
27 February 1998

UNCLASSIFIED
SUMMARY of CHANGE
AR 380\u201319
Information Systems Security
This regulation--
o Requires the use of cost-effective information systems security (ISS)
measures to respond to the specific threats and vulnerabilities associated
with each information system (para 1-5a).
o Emphasizes the requirement to address security in all stages of system
development (para 1-5e).
o Provides information systems security requirements for system administrators
(para 1-6d).
o Removed the position/title of terminal area security officer (TASO) to comply
with national policies (para 1-6).
o Replaces the acronyms US1, US2, CS1, CS2, and CS3 with Unclassified

Nonsensitive, Sensitive But Unclassified, Confidential, Secret, Top Secret, and Sensitive Compartmented Information Subsystem to comply with national policies (para 2-2).

o Removed paragraph 2-11, \u2019Location and construction of a Central Computer Complex,\u2019 because the U.S. Army has very few central computer facilities under construction and should not be included in an ISS policy regulation.

o Removed paragraph 2-12, \u2019Mainframe computer equipment room standards,\u2019
because the U.S. Army has very few mainframe computers remaining and should
not be included in an ISS policy regulation.
o Addresses security requirements for laptop, notebook, and portable
information systems (para 2-11).
o Provides minimum standards for generating and using passwords to control
access to information systems (para 2-14).
o Introduces the Land Information Warfare Activity as the Army focal point for
reporting system vulnerabilities (2-27).
o Updates reporting requirements for automated information system (AIS)
security incidents and technical vulnerabilities (para 2-27).

o Introduces the concept of site-based accreditation for the Sensitive
Compartmented Information (SCI) system and an alternative to accrediting
collateral systems while taking into account their interconnectivity

concerns and allows other related systems to be included in a site (para 3-
11).
o Introduces a warning banner for the monitoring of the Army system (para 4-1m).
o Reconstructs chapter 5, Risk Management, to meet the ISS environment
currently facing ISS managers.
o Introduces policy and guidance for use of Government-sponsored Internet
accounts (app B).
o Incorporates the National Security Agency\u2019s Manual 130-1, annex S, as
requested by the Department of the Army Inspector General, to address
clearing, purging, declassifying , and destroying magnetic media (app F).
o Provides an Army Management Control Process for administration of the Army
Information System Security Program (app C).
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...