“DoD security policy is fragmented, redundant, and inconsistent,” according to a new report from the Department of Defense Inspector General. This is not a new development, the report noted, but one that has persisted despite decades of criticism.
There are at least 43 distinct DoD security policies “covering the functional areas of information security, industrial security, operations security, research and technology protection, personnel security, physical security, and special access programs,” the Inspector General report noted.
“The sheer volume of security policies that are not coordinated or integrated makes it difficult for those at the field level to ensure consistent and comprehensive policy implementation.”
The solution to this fragmentation and incoherence is the development of a comprehensive and integrated security policy, the IG report said.
Lacking an integrated framework and an “overarching security policy…, [the] resulting policy can be stove-piped, overlapping and contradictory.”
The issuance of such an overarching security policy, described as “the necessary first step,” is expected later this year.
See “Assessment of Security Within the Department of Defense — Security Policy,” DoD Inspector General report DoDIG-2012-114, July 27, 2012.