DAOD 6003-0, Information Technology Security

1. Introduction

Date of Issue: 2012-04-18

Date of Last Modification: 2015-09-30

Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Approval Authority: Assistant Deputy Minister (Information Management) (ADM(IM)) / Chief Information Officer (CIO)

Enquiries: Director Information Management Security (DIM Secur)

2. Definitions

information technology (technologies de l'information)

Involves both technology infrastructure and IT applications. Technology infrastructure includes any equipment or system that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data or information. IT applications include all matters concerned with the design, development, installation and implementation of information systems and applications to meet business requirements. (Directive on Management of Information Technology, Treasury Board)

information technology security (sécurité des technologies de l'information)

Safeguards to preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information. (Operational Security Standard: Management of Information Technology Security (MITS), Treasury Board)

3. Policy Direction

Context

3.1 The ADM(IM) is responsible for the Information Technology (IT) Security Programme in the DND and the CAF, and for ensuring that it aligns with the security policies, instructions, directives and procedures issued by or on behalf of the Departmental Security Officer. The ADM(IM) acts as the Chief Information Officer for the DND and the CAF.

3.2 The DAOD 6003 series should be read in conjunction with the DND and CF IM and IT Policy Framework and other relevant ADM(IM) policies, instructions, directives, standards and guidance.

Policy Statement

3.3 The DND and the CAF are committed to:

  1. making IT security an integral part of continuous programme and service delivery, recognizing that it is both a business imperative and a service enabler; and
  2. ensuring the effective and efficient implementation of IT security in support of programmes, business priorities and operations.

Requirements

3.4 The DND and the CAF must:

  1. establish the roles and responsibilities of all personnel in respect of IT security; and
  2. ensure that:
    1. managers at all levels identify and integrate approved IT security requirements, processes and procedures into all plans, programmes, projects, activities and services;
    2. IT security services and processes are responsive to business needs;
    3. clear, concise and timely direction is provided for IT security; and
    4. IT security policies, processes, procedures and supporting documentation are current, complete and aligned with Government of Canada policies, directives and standards.

4. Consequences

Consequences of Non-Compliance

4.1 Non-compliance with this DAOD may have consequences for both the DND and the CAF as institutions, and for DND employees and CAF members as individuals. Suspected non-compliance may be investigated. The nature and severity of the consequences resulting from actual non-compliance will be commensurate with the circumstances of the non-compliance.

Note – In respect of the compliance of DND employees, see the Treasury Board Framework for the Management of Compliance for additional information.

5. Authorities

Authority Table

5.1 The following table identifies the authorities associated with this DAOD:

The … has or have the authority to …

ADM(IM)

  • issue policies, instructions, directives and standards for IT security in the DND and the CAF;
  • develop and deliver the IT Security Programme;
  • ensure that appropriate IT security measures are applied to all DND and CAF information management, IT and IT assets, activities and processes;
  • ensure a comprehensive approach for IT security in order to provide continuous IT service delivery in support of the business continuity strategy;
  • assess the IT security of systems, programmes and services, and authorize their operation; and
  • accept the residual risk to common DND and CAF IT infrastructure.

level one advisors and commanders of commands

  • issue amplifying IT security policies, instructions, directives and standards to meet their business and operational needs.

DIM Secur

  • act as the IT security coordinator, IT security authority and Departmental COMSEC Authority for the DND and the CAF;
  • establish and manage the IT Security Programme; and
  • serve as the principal IT security contact for the DND and the CAF.

6. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References
