The Pentagon recently issued an instruction memo that outlines the Defense Department's policies for setting up, operating and maintaining "DOD Internet services on unclassified networks to collect, disseminate, store, and otherwise process unclassified DOD information," as well as the "use of Internet-based capabilities (IbC) to collect, disseminate, store, and otherwise process unclassified DOD information."
4. It is DoD policy that:
a. Decisions to collaborate, participate, or to disseminate or gather information via DoD Internet services or IbC shall balance benefits and vulnerabilities. Internet infrastructure, services, and technologies provide versatile communication assets that must be managed to mitigate risks to national security; to the safety, security, and privacy of personnel; and to Federal agencies.
b. DoD Internet services and IbC used to collect, disseminate, store, or otherwise process DoD information shall be configured and operated in a manner that maximizes the protection (e.g., confidentiality, integrity, and availability) of the information, commensurate with the risk and magnitude of harm that could result from the loss, compromise, or corruption of the information.
(1) For use of DoD Internet services, paragraph 4.b. applies to both public and non-public DoD information.
(2) For use of IbC, this applies to the integrity and availability of public DoD information. IbC shall not be used to collect, disseminate, store, or otherwise process non-public DoD information, as IbC are not subject to Federal or DoD information assurance (IA) standards, controls, or enforcement, and therefore may not consistently provide confidentiality.
c. DoD information systems (ISs) hosting DoD Internet services shall be operated and configured to meet the requirements in DoDD 8500.01E (Reference (f)) and DoDI 8500.2 (Reference (g)), and certified and accredited in compliance with DoDI 8510.01 (Reference (h)).
d. Effective information review procedures for clearance and release authorization for DoD information to the public are conducted in compliance with DoDD 5230.09 and DoDI 5230.29 (References (i) and (j)). DoD information intended for non-public audiences requires similar review and consideration prior to dissemination. DoD employees shall be educated and trained to conduct both organizational and individual communication effectively to deny adversaries the opportunity to take advantage of information that may be inappropriately disseminated.
e. Public DoD websites shall be operated in compliance with the laws and requirements cited in Reference (c). Detailed explanations, and implementation guidance are provided at the Web Manager’s Advisory Council Website.
f. DoD Internet services and the information disseminated via these services, where appropriate, shall be made available to Federal initiatives such as Data.gov, Recovery.gov, and USA.gov to reduce duplication and to foster greater participation, collaboration, and transparency with the public. Where feasible and appropriate, such DoD information shall be provided as datasets in raw (machine readable) format as defined in DepSecDef Memorandum (Reference (k)).
g. All unclassified DoD networks (e.g., Non-classified Internet Protocol Router Network (NIPRNET), the Defense Research and Engineering Network) shall be configured to provide access to IbC across all the DoD Components.
h. Authorized users of unclassified DoD networks shall comply with all laws, policies, regulations, and guidance concerning communication and the appropriate control of DoD information referenced throughout this Instruction regardless of the technology used. Furthermore, all personal use of IbC by means of Federal government resources shall comply with paragraph 2-301 of DoD 5500.7-R (Reference (l)).