| D-2022-2076-DEV0PD-0001-0002.b |
No |
$0 |
$0 |
|
|
(U) Rec. 2.b: The DoD OIG recommended that the Under Secretary of Defense for Intelligence and Security develop operations security training requirements on the risks of sharing DoD information on non-DoD-controlled systems and add these requirements to the existing training requirements described in DoD Instruction 8170.01, Online Information Management and Electronic Messaging, August 24, 2021, and DoD Directive, 5205.02E, DoD Operations Security (OPSEC) Program, June 20, 2012, (Incorporating Change 2, August 20, 2020).
|
| D-2022-2076-DEV0PD-0001-0003.a.4 |
No |
$0 |
$0 |
|
|
(U) Rec. 3.a: The DoD OIG recommended that the Commanders of the U.S. Africa Command, U.S. Central Command, U.S. European Command, U.S. Indo-Pacific Command, and U.S. Southern Command issue command-level guidance clarifying the use of non-DoD-controlled electronic messaging systems. This guidance should include: i. any area of responsibility-specific conditions that permit personnel to use non-DoD-controlled messaging systems; ii. what information can be shared over the electronic messaging system; iii. how personnel are to maintain records generated on non-DoD systems in accordance with records management regulations; iv. how to report any security violations or misuse of a system; v. a process to ensure that any use of non-DoD-controlled electronic messaging systems meets the exception criteria in DoD Instruction 8170.01, "Online Information Management and Electronic Messaging," August 24, 2021; vi. additional training criteria for personnel that addresses the risks of using non-DoD electronic messaging systems, violating operations security regulations, and consequences of noncompliance.
|
| D-2022-2076-DEV0PD-0001-0003.a.5 |
No |
$0 |
$0 |
|
|
(U) Rec. 3.a: The DoD OIG recommended that the Commanders of the U.S. Africa Command, U.S. Central Command, U.S. European Command, U.S. Indo-Pacific Command, and U.S. Southern Command issue command-level guidance clarifying the use of non-DoD-controlled electronic messaging systems. This guidance should include: i. any area of responsibility-specific conditions that permit personnel to use non-DoD-controlled messaging systems; ii. what information can be shared over the electronic messaging system; iii. how personnel are to maintain records generated on non-DoD systems in accordance with records management regulations; iv. how to report any security violations or misuse of a system; v. a process to ensure that any use of non-DoD-controlled electronic messaging systems meets the exception criteria in DoD Instruction 8170.01, "Online Information Management and Electronic Messaging," August 24, 2021; vi. additional training criteria for personnel that addresses the risks of using non-DoD electronic messaging systems, violating operations security regulations, and consequences of noncompliance.
|
| D-2022-2076-DEV0PD-0001-0003.b.4 |
No |
$0 |
$0 |
|
|
(U) Rec. 3.b: The DoD OIG recommended that the Commanders of the U.S. Africa Command, U.S. Central Command, U.S. European Command, U.S. Indo-Pacific Command, and U.S. Southern Command establish risk assessment procedures to evaluate and monitor combatant command use of current and emerging information technologies to identify opportunities for use and to assess risks in accordance with DoD Instruction 8170.01, "Online Information Management and Electronic Messaging," August 24, 2021.
|
| D-2022-2076-DEV0PD-0001-0003.b.5 |
No |
$0 |
$0 |
|
|
(U) Rec. 3.b: The DoD OIG recommended that the Commanders of the U.S. Africa Command, U.S. Central Command, U.S. European Command, U.S. Indo-Pacific Command, and U.S. Southern Command establish risk assessment procedures to evaluate and monitor combatant command use of current and emerging information technologies to identify opportunities for use and to assess risks in accordance with DoD Instruction 8170.01, "Online Information Management and Electronic Messaging," August 24, 2021.
|
