G2TT
来源类型Research Reports
规范类型报告
DOIhttps://doi.org/10.7249/RR1476
ISBN9780833095961
来源IDRR-1476-OSD
Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy
Megan McKernan; Jessie Riposo; Jeffrey A. Drezner; Geoffrey McGovern; Douglas Shontz; Clifford A. Grammich
发表日期2016
出版年2016
页码80
语种英语
结论

Identifying Which Sensitive Unclassified Information in Defense Acquisition Requires Protection and How to Properly Protect It Through the Use of Appropriate Markings and Security Policy Can Be Problematic

  • The current environment in which acquisition data are protected and shared can be characterized by many organizations promulgating policy on overlapping and interrelated topics, policies that are relatively new and change frequently, and an ill-defined Controlled Unclassified Information (CUI) policy. Those who originate the policies do not fund their implementation, meaning that a new or changed policy is effectively an unfunded requirement for information system managers.
  • The authors were unable to find any single document that collects and describes the most commonly used CUI labels in the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics. Some of these labels are legacy markings and practices that are not aligned with draft CUI policy. As a result, acquisition documentation with CUI may be mislabeled.
  • Proprietary information (PROPIN) is a special class of CUI that relates to information and data developed by a private entity but shared with the government. Substantial confusion exists within DoD about what information is truly proprietary, who can have access to it, and how to grant access when needed. While there are some laws and policy that describe PROPIN, no single source describes the processes and procedures.
  • Security policies tend to be one-size-fits-all, which does not reflect the unique characteristics of each information system. Originators of security policies do not fund their implementation, meaning that a new or changed policy is effectively an unfunded requirement for system managers.
摘要
  • A more robust, central authoritative source for Controlled Unclassified Information (CUI) data labeling, access, and management (including monitoring and challenging document originators) should be established by the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics (OUSD[AT&L]). The U.S. Department of Defense should also train its workforce on the new CUI labeling procedures when they are released and implemented.
  • To define and establish proper handling procedures for CUI, a function (additional responsibility for a currently existing office with experience using a large number of CUI labels in multiple roles) and reference (a central, authoritative online resource that references all relevant guidance on information management, handling, access, and release for acquisition data) should be established within OUSD(AT&L).
主题Cyber and Data Sciences ; Military Acquisition and Procurement ; Military Information Technology Systems ; United States Department of Defense
URLhttps://www.rand.org/pubs/research_reports/RR1476.html
来源智库RAND Corporation (United States)
引用统计
资源类型智库出版物
条目标识符http://119.78.100.153/handle/2XGU8XDN/108392
推荐引用方式
GB/T 7714
Megan McKernan,Jessie Riposo,Jeffrey A. Drezner,et al. Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy. 2016.
条目包含的文件
文件名称/大小 资源类型 版本类型 开放类型 使用许可
x1516280788425.jpg(8KB)智库出版物 限制开放CC BY-NC-SA浏览
RAND_RR1476.pdf(1491KB)智库出版物 限制开放CC BY-NC-SA浏览
个性服务
推荐该条目
保存到收藏夹
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Megan McKernan]的文章
[Jessie Riposo]的文章
[Jeffrey A. Drezner]的文章
百度学术
百度学术中相似的文章
[Megan McKernan]的文章
[Jessie Riposo]的文章
[Jeffrey A. Drezner]的文章
必应学术
必应学术中相似的文章
[Megan McKernan]的文章
[Jessie Riposo]的文章
[Jeffrey A. Drezner]的文章
相关权益政策
暂无数据
收藏/分享
文件名: x1516280788425.jpg
格式: JPEG
文件名: RAND_RR1476.pdf
格式: Adobe PDF

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。