DAOD 6003-0, Information Technology Security

Table of Contents

  1. Introduction
  2. Definitions
  3. Policy Direction
  4. Authorities
  5. References

1. Introduction

Date of Issue: 2012-04-18

Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Forces (CF members).

Approval Authority: Assistant Deputy Minister (Information Management) (ADM(IM))

Enquiries: Director Information Management Security (Dir IM Secur)

2. Definitions

information technology (technologies de l’information)
Has the same meaning as in the Treasury Board Directive on Management of Information Technology.

information technology security (sécurité des technologies de l’information)
Has the same meaning as in the Treasury Board Operational Security Standard: Management of Information Technology Security (MITS).

3. Policy Direction

Context

3.1 The ADM(IM) is responsible for the Information Technology (IT) Security Programme in the DND and the CF, and for ensuring that it aligns with the Departmental Security Program that is managed by the Departmental Security Officer.

3.2 Given the assignment to the ADM(IM), under DAOD 1000-0, Corporate Administrative Direction, of information-related functional areas, the ADM(IM) acts as the Chief Information Officer for the DND and the CF.

3.3 The DAOD 6003 series, along with the DND and CF IM and IT Policy Framework, should be read in conjunction with other relevant ADM(IM) policies, instructions, directives, standards and guidance.

Policy Statement

3.4 The DND and the CF are committed to:

  1. making IT security an integral part of continuous programme and service delivery, recognizing that it is both a business imperative and a service enabler; and
  2. ensuring the effective and efficient implementation of IT security in support of programmes, business priorities and operations.

Requirements

3.5 The DND and the CF must:

  1. establish the roles and responsibilities of all personnel in respect of IT security; and
  2. ensure that:
    1. managers at all levels identify and integrate approved IT security requirements, processes and procedures into all plans, programmes, projects, activities and services;
    2. IT security services and processes are responsive to business needs;
    3. clear, concise and timely direction is provided for IT security; and
    4. IT security policies, processes, procedures and supporting documentation are current, complete and aligned with Government of Canada policies, directives and standards.

4. Authorities

Authority Table

4.1 The following table identifies the authorities associated with this DAOD:

The … has or have the authority to …

ADM(IM)

  • issue policies, instructions, directives and standards for IT security in the DND and the CF;
  • ensure that appropriate security measures are applied to all DND and CF information management and IT assets, activities and processes;
  • ensure a comprehensive approach to continuous IT service delivery that supports the business continuity strategy; and
  • accredit programmes and services to accept any associated residual risk.

level one advisors

  • issue amplifying IT security policies, instructions, directives and standards to meet their functional needs in alignment with ADM(IM) direction.

Dir IM Secur

  • act as the IT security coordinator and the IT security authority for the DND and the CF;
  • establish and manage the IT Security Programme as part of a coordinated Departmental Security Program; and
  • serve as the principal IT security contact for the DND and the CF.

5. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References