Question

The Department of Defense Directive (DoDD) 8140 (formerly 8570) provides guidance and procedures for training, certification, and management of all government employees who conduct information assurance functions in assigned duty positions. In some career positions, DoDD 8140 impacts those with access to DoD information system performing assurance (security) functions.

As an independent contractor considering a move into the DoD contract arena, discuss additional considerations you would add to your compliance plan to meet DoD requirements. Assess the pros and cons of adding DoD contracts to your portfolio.

Answer 1

Fact of the Case: Policy 8140 is like a Handbook for training , certifications and management of all government emplyees within the DoD career positions.

Got an Enagagement for DoD contract to meet the compliance area, which casue the considerations of following factors as listed below as a measure of security functions:

- Make Rule for " Restricted Area" , " No Admission without Permission" on the Area which are of high risk. and same need to be complied. Enlist the area where same is not mentioned or adhered.

- Any Digital information movement should be encryptedor protected with general password which cannot with access by outside person. It is advisable to have particular password tranche for one department and that password never match with the password of another department.

for eg. Security officials data is sent with password abxyz and receipent have to know if the data is received from particular department ( security), then Security department password will be required to access the file.

- Restrictions over Security department data transfering and its accessibility

- Proper Authorisation matrix should in place for urgent need of the data.

As an Individual to take up the cobtract for the Security Assurance functions: As every contract has its own pros and cons and accordingly this functions also have.

Pros are Diversification in Services offerred, Give platform to learn new things. Can be taken as specialisation in this assurance activity.

Cons: Breach of Contract is highly penalised. Confidentiality risk is very high. Informationleakage will cause loss of reputation and lead to cancellation of license also.