AR 380-19 Information Systems Security

Chapter 1


1-1. Purpose

This regulation establishes Department of the Army (DA) Information Systems Security (ISS) policy. It specifically addresses three of the four ISS subdisciplines: communications security (COMSEC), computer security(COMPUSEC), and electronic security (ELSEC). A confidential supplement, AR380-19-1, governs the fourth subdiscipline, control of compromising emanations (commonly referred to as TEMPEST). This regulation-

1-2. References

Required and related publications and referenced forms are listed in appendix A.

1-3. Explanation of abbreviations and terms

Abbreviations and special terms used in this regulation are explained in the 1-4. Responsibilities

1-5. Policy

d. Information will be safeguarded by continuous protective measures. These safeguards consist of-

e. Each TAIS handling classified or unclassified-sensitive information will be subject to a formal risk management program according to chapter 3.

g. Measures designed to protect noncommunications emitters will include both-

h. Compliance with ISS requirements is an integral part of the information mission area, the Army information architecture, and life cycle management of information systems defined in AR 25-1.

i. The application of ISS measures must include interoperability and compatibility considerations.

j. Training in ISS principles and techniques will be integrated into unit operations at all levels of command.

1-6. U.S. Army Information Systems Security Program (AISSP)