The Department of Defense’s (DoD) Office of the Chief Information Officer (CIO) is tightening up security around the department’s information systems with a new policy on managing access to DoD IT resources.
The new policy, which took effect on Sept. 3, outlines the roles of the DoD CIO and other component heads to streamline access management for the department’s IT systems. The policy also tags the chief data and artificial intelligence officer (CDAO) to bolster data and AI efforts to support dynamic access.
The policy aims to enhance security and streamline access management while ensuring that the DoD’s IT systems are as efficient and interoperable as possible.
“Access to DoD information systems will be managed to preserve DoD security,” the document states. “While efficiency and interoperability are key, IT resource and system owners must adhere to the protocols and procedures outlined for access management.”
Under this new directive, the CIO will streamline access management procedures and work with other DoD components to develop and maintain identity, credential, and access management (ICAM) platform requirements.
ICAM has been a top priority for DoD Acting CIO Leslie Beavers. At the Billington Cybersecurity Summit, she emphasized that ICAM is the CIO’s “big effort this year,” aiming for a truly federated solution.
The policy also involves other DoD components in supporting the CIO’s ICAM initiatives.
The Defense Information Systems Agency (DISA) is designated to oversee DoD enterprise ICAM services, including their setup, operation, testing, maintenance, and cybersecurity, while also managing non-person entity access. DISA will also coordinate with the director of the National Security Agency to develop security requirements and technical guides for access management; supporting ICAM services and establishing cryptographic standards for ICAM solutions on National Security Systems.
Additionally, the chairman of the Joint Chiefs of Staff will validate authorization requirements for joint missions, ensure compliance with security policies, and coordinate ICAM services for external mission partners.
The CDAO will drive data and AI efforts by setting DoD-wide data tagging standards and developing policies to support dynamic access. The CDAO will also establish guidelines for digital policy implementation and create a governance framework for digital services and AI capabilities.
