DAOD 6003-0, Information Technology Security
Date of Issue: 2012-04-18
Date of Last Modification: 2015-09-30
Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).
Approval Authority: Assistant Deputy Minister (Information Management) (ADM(IM)) / Chief Information Officer (CIO)
Enquiries: Director Information Management Security (DIM Secur)
information technology (technologies de l'information)
Involves both technology infrastructure and IT applications. Technology infrastructure includes any equipment or system that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data or information. IT applications include all matters concerned with the design, development, installation and implementation of information systems and applications to meet business requirements. (Directive on Management of Information Technology, Treasury Board)
information technology security (sécurité des technologies de l'information)
Safeguards to preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information. (Operational Security Standard: Management of Information Technology Security (MITS), Treasury Board)
3.1 The ADM(IM) is responsible for the Information Technology (IT) Security Programme in the DND and the CAF, and for ensuring that it aligns with the security policies, instructions, directives and procedures issued by or on behalf of the Departmental Security Officer. The ADM(IM) acts as the Chief Information Officer for the DND and the CAF.
3.2 The DAOD 6003 series should be read in conjunction with the DND and CF IM and IT Policy Framework and other relevant ADM(IM) policies, instructions, directives, standards and guidance.
3.3 The DND and the CAF are committed to:
- making IT security an integral part of continuous programme and service delivery, recognizing that it is both a business imperative and a service enabler; and
- ensuring the effective and efficient implementation of IT security in support of programmes, business priorities and operations.
3.4 The DND and the CAF must:
- establish the roles and responsibilities of all personnel in respect of IT security; and
- ensure that:
- managers at all levels identify and integrate approved IT security requirements, processes and procedures into all plans, programmes, projects, activities and services;
- IT security services and processes are responsive to business needs;
- clear, concise and timely direction is provided for IT security; and
- IT security policies, processes, procedures and supporting documentation are current, complete and aligned with Government of Canada policies, directives and standards.
Consequences of Non-Compliance
4.1 Non-compliance with this DAOD may have consequences for both the DND and the CAF as institutions, and for DND employees and CAF members as individuals. Suspected non-compliance may be investigated. The nature and severity of the consequences resulting from actual non-compliance will be commensurate with the circumstances of the non-compliance.
Note – In respect of the compliance of DND employees, see the Treasury Board Framework for the Management of Compliance for additional information.
5.1 The following table identifies the authorities associated with this DAOD:
|The …||has or have the authority to …|
level one advisors and commanders of commands
Acts, Regulations, Central Agency Policies and Policy DAOD
- Framework for the Management of Compliance, Treasury Board
- Management Accountability Framework, Treasury Board
- Policy on Government Security, Treasury Board
- Policy on Information Management, Treasury Board
- Policy on Management of Information Technology, Treasury Board
- Directive on Departmental Security Management, Treasury Board
- Directive on Management of Information Technology, Treasury Board
- Operational Security Standard - Business Continuity Planning (BCP) Program, Treasury Board
- Operational Security Standard: Management of Information Technology Security (MITS), Treasury Board
- DAOD 6000-0, Information Management and Information Technology
- DAOD 6002-0, Information Technology
- DND and CF IM and IT Policy Framework
- National Defence Security Orders and Directives
Report a problem or mistake on this page
- Date modified: