Department of Defense INSTRUCTION NUMBER 8550.01

SUBJECT: DoD Internet Services and Internet-Based Capabilities References: See Enclosure 1

1.  PURPOSE.  This Instruction, in accordance with the authority in DoD Directive (DoDD) 5144.1 (Reference (a)) and DoD Instruction (DoDI) 5025.01 (Reference (b)) and the requirements of the Office of Management and Budget (OMB) Memorandum M-05-04 (Reference (c)):

a.  Incorporates and cancels Deputy Secretary of Defense (DepSecDef) Memorandum (Reference (d)), and Directive-Type Memorandum (DTM) 09-026 (Reference (e)).

b.  Establishes policy, assigns responsibilities, and provides instructions for:
(1)  Establishing, operating, and maintaining DoD Internet services on unclassified networks to collect, disseminate, store, and otherwise process unclassified DoD information.

(2)  Use of Internet-based capabilities (IbC) to collect, disseminate, store, and otherwise process unclassified DoD information.

2.  APPLICABILITY.  This Instruction:
a.  Applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (hereinafter referred to collectively as the “DoD Components”).

b.  Applies to DoD Internet services and use of IbC provided by morale, welfare, and recreation (MWR), military exchanges, and lodging programs for use by authorized patrons.

c.  Applies to contractors and other non-DoD entities that are supporting DoD missionrelated activities or accessing DoD Internet services or IbC via DoD information systems, to the extent provided in the contract or other instrument by which such authorized support or access is provided.

d.  Does NOT:
(1)  Prevent unit commanders or Heads of the DoD Components from providing alternate, stand-alone capabilities to allow access to IbC for mission or morale purposes.

(2)  Prohibit DoD employees from using IbC from personal Internet-capable devices for personal purposes.

(3) Apply to using IbC specifically for penetration testing, communications security monitoring, network defense, personnel misconduct and law enforcement investigations, and intelligence-related operations.

3.  DEFINITIONS.  See Glossary.

4.  POLICY.  It is DoD policy that:
a.  Decisions to collaborate, participate, or to disseminate or gather information via DoD Internet services or IbC shall balance benefits and vulnerabilities.  Internet infrastructure, services, and technologies provide versatile communication assets that must be managed to mitigate risks to national security; to the safety, security, and privacy of personnel; and to Federal agencies.

b.  DoD Internet services and IbC used to collect, disseminate, store, or otherwise process DoD information shall be configured and operated in a manner that maximizes the protection (e.g., confidentiality, integrity, and availability) of the information, commensurate with the risk and magnitude of harm that could result from the loss, compromise, or corruption of the information.

(1)  For use of DoD Internet services, paragraph 4.b. applies to both public and nonpublic DoD information.

(2)  For use of IbC, this applies to the integrity and availability of public DoD information. IbC shall not be used to collect, disseminate, store, or otherwise process non-public DoD information, as IbC are not subject to Federal or DoD information assurance (IA) standards, controls, or enforcement, and therefore may not consistently provide confidentiality.

c.  DoD information systems (ISs) hosting DoD Internet services shall be operated and configured to meet the requirements in DoDD 8500.01E (Reference (f)) and DoDI 8500.2 (Reference (g)), and certified and accredited in compliance with DoDI 8510.01 (Reference (h)).

d.  Effective information review procedures for clearance and release authorization for DoD information to the public are conducted in compliance with DoDD 5230.09 and DoDI 5230.29 (References (i) and (j)).  DoD information intended for non-public audiences requires similar review and consideration prior to dissemination.  DoD employees shall be educated and trained to conduct both organizational and individual communication effectively to deny adversaries the opportunity to take advantage of information that may be inappropriately disseminated.

e.  Public DoD websites shall be operated in compliance with the laws and requirements cited in Reference (c).  Detailed explanations, and implementation guidance are provided at the Web Manager’s Advisory Council Website at http://www.howto.gov/web-content/.

f.  DoD Internet services and the information disseminated via these services, where appropriate, shall be made available to Federal initiatives such as Data.gov, Recovery.gov, and USA.gov to reduce duplication and to foster greater participation, collaboration, and transparency with the public.  Where feasible and appropriate, such DoD information shall be provided as datasets in raw (machine readable) format as defined in DepSecDef Memorandum (Reference (k)).

g.  All unclassified DoD networks (e.g., Non-classified Internet Protocol Router Network (NIPRNET), the Defense Research and Engineering Network) shall be configured to provide access to IbC across all the DoD Components.

h.  Authorized users of unclassified DoD networks shall comply with all laws, policies, regulations, and guidance concerning communication and the appropriate control of DoD information referenced throughout this Instruction regardless of the technology used.
Furthermore, all personal use of IbC by means of Federal government resources shall comply with paragraph 2-301 of DoD 5500.7-R (Reference (l)).

5.  RESPONSIBILITIES.  See Enclosure 2.

6.  PROCEDURES.  See Enclosure 3.

7.  RELEASABILITY.  UNLIMITED.  This Instruction is approved for public release and is available on the Internet from the DoD Issuances Website at http://www.dtic.mil/whs/directives/.

8.  EFFECTIVE DATE.  This Instruction:
a.  Is effective September 11, 2012

b.  Must be reissued, cancelled, or certified current within 5 years of its publication in accordance with Reference (b).  If not it will expire effective September 11, 2022 and be removed from the DoD Issuances Website.

 

Download (PDF, 526KB)