Subj: INFORMATION MANAGEMENT/INFORMATION TECHNOLOGY POLICY FOR FIELDING OF COMMERCIAL OFF THE SHELF SOFTWARE

Similar documents
Subj: DEPARTMENT OF THE NAVY SENIOR GOVERNANCE COUNCILS

PROCESS FOR REQUESTING WAIVERS FOR CONTINUED USE OF UNSUPPORTED COMMERCIAL OFF THE SHELF SOFTWARE

Subj: DEFENSE CIVILIAN INTELLIGENCE PERSONNEL SYSTEM (DCIPS)

Subj: NAVY ENTERPRISE TEST AND EVALUATION BOARD OF DIRECTORS

Subj: DEPARTMENT OF THE NAVY COUNTER-NARCOTICS CENTRAL TRANSFER ACCOUNT SPENDING POLICY

NAVAIR IT Compliance

CNATRAINST N6 11 Aug 2016

Information Technology Expenditure Approval Authority

SECNAV INSTRUCTION

ELECTROMAGNETIC SPECTRUM POLICY AND MANAGEMENT

Subj: ACCOUNTABILITY AND MANAGEMENT OF DEPARTMENT OF THE NAVY PROPERTY

Subj: INFORMATION TECHNOLOGY PORTFOLIO MANAGEMENT IMPLEMENTATION

Subj: PROVISION OF DEPARTMENT OF THE NAVY DOCUMENTARY MATERIAL

NG-J6/CIO CNGBI A DISTRIBUTION: A 26 September 2016 NATIONAL GUARD BUREAU JOINT INFORMATION TECHNOLOGY PORTFOLIO MANAGEMENT

Subj: IMPLEMENTATION OF THE DEFENSE STANDARDIZATION PROGRAM IN THE DEPARTMENT OF THE NAVY

Subj: NAVY ACCELERATED ACQUISITION FOR THE RAPID DEVELOPMENT, DEMONSTRATION, AND FIELDING OF CAPABILITIES

DOD INSTRUCTION ACCOUNTABILITY AND MANAGEMENT OF INTERNAL USE SOFTWARE (IUS)

DEPARTMENT OF THE NAVY FFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC 2035(1 2000

Subj: RELEASE OF COMMUNICATIONS SECURITY MATERIAL TO U.S. INDUSTRIAL FIRMS UNDER CONTRACT TO THE DEPARTMENT OF THE NAVY

DEPARTMENT OF THE NAVY COMMANDER, NAVY INSTALLATIONS COMMAND 716 SICARD STREET, SE, SUITE 1000 WASHINGTON NAVY YARD, DC

DEPARTMENT OF THE NAVY DEPUTY CHIEF INFORMATION OFFICER MARINE CORPS ROLES AND RESPONSIBILITIES

a. To promulgate policy on cost analysis throughout the Department of the Navy (DON).

DEPARTMENT OF THE NAVY CYBERSPACE INFORMATION TECHNOLOGY AND CYBERSECURITY WORKFORCE MANAGEMENT AND QUALIFICATION

OPNAVINST N2/N6 19 Aug 2014

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON DC

Subj: CREDIT FOR PRIOR NON-FEDERAL WORK EXPERIENCE AND CERTAIN MILITARY SERVICE FOR DETERMINING LEAVE ACCRUAL RATE

From: Commanding Officer, Navy and Marine Corps Public Health Center

MCO C059 APR Subj: MARINE CORPS MODELING & SIMULATION MANAGEMENT

FOR OFFICIAL USE ONLY. Naval Audit Service. Audit Report

Subj: THREAT SUPPORT TO THE DEFENSE ACQUISITION SYSTEM

UNITED STATES MARINE CORPS HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON, DC

DEPARTMENT OF THE NAVY FFIC EN AGON C Q

Subj: IDENTIFICATION OF MAJOR PROGRAM MANAGER EQUIVALENT BILLETS

Subj: DEPARTMENT OF THE NAVY ENERGY PROGRAM FOR SECURITY AND INDEPENDENCE ROLES AND RESPONSIBILITIES

Subj: TECHNOLOGY TRANSFER AND SECURITY ASSISTANCE REVIEW BOARD

Department of Defense DIRECTIVE

DEPARTMENT OF THE NAVY FOREIGN AREA OFFICER PROGRAMS

Subj: OVERSIGHT OF THE DEPARTMENT OF THE NAVY MILITARY INTELLIGENCE PROGRAM

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, DC SUBJECT: Implementation of Microsoft Windows 10 Secure Host Baseline

THREAT SUPPORT TO THE DEFENSE ACQUISITION SYSTEM

a. Reference (a) and the provisions of this instruction will be implemented by OPNAV and all activities under the command of CNO.

D E P A R T M E N T O F T H E N A V Y

DEPARTMENT OF THE NAVY OFFICE OF THE SECRETARY NAVY PENTAGON WASHINGTON DC

1. Purpose. To implement the guidance set forth in references (a) through (e) by:

DEPARTMENT OF THE NAVY OFFICE OF THE SECRETARY 1000 NAVY PENTAGON WASHINGTON, D.C

Subj: BUREAU OF NAVAL PERSONNEL POLICY FOR USING NAVY MOBILE DEVICES (SMART PHONE/TABLETS)

COMMUNICATIONS SECURITY MONITORING OF NAVY TELECOMMUNICATIONS AND INFORMATION TECHNOLOGY SYSTEMS

SECNAVINST E CH-1 DUSN (M) 15 Sep 17

Department of Defense

DEPARTMENT OF THE NAVY MARINE CORPS POLICY FOR COORDINATED IMPLEMENTATION OF MILITARY STANDARDS 6017, , AND

NAVAL SCIENCE, TECHNOLOGY, ENGINEERING, AND MATHEMATICS POLICY AND COORDINATION

DOD DIRECTIVE DOD SPACE ENTERPRISE GOVERNANCE AND PRINCIPAL DOD SPACE ADVISOR (PDSA)

NAVY CONTINUITY OF OPERATIONS PROGRAM AND POLICY

DEPARTMENT OF THE NAVY HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON, DC

DEPARTMENT OF THE NAVY HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON DC

2016 Major Automated Information System Annual Report

Subj: DEPARTMENT OF THE NAVY COMPUTER NETWORK INCIDENT RESPONSE AND REPORTING REQUIREMENTS

The Navy s Management of Software Licenses Needs Improvement

DEPARTMENT OF THE NAVY HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON DC

REQUIRED OPERATIONAL CAPABILITY LEVELS FOR NAVY INSTALLATIONS AND ACTIVITIES

Department of Defense Investment Review Board and Investment Management Process for Defense Business Systems

MCO C4 7 Apr 2009

DEPARTMENT OF THE NAVY CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON DC

OPNAVINST B N98 4 Jun 2018

UNCLASSIFIED. UNCLASSIFIED Navy Page 1 of 7 R-1 Line #31

Subj: DEPARTMENT OF THE NAVY CYBERSECURITY/INFORMATION ASSURANCE WORKFORCE MANAGEMENT, OVERSIGHT, AND COMPLIANCE

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

DEPARTMENT OF THE NAVY INSIDER THREAT PROGRAM. (1) References (2) DON Insider Threat Program Senior Executive Board (DON ITP SEB) (3) Responsibilities

OPNAVINST A N Oct 2014

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON DC

ARMY RDT&E BUDGET ITEM JUSTIFICATION (R2 Exhibit)

DEPARTMENT OF THE NAVY CONTINUITY OF OPERATIONS (DON COOP) PROGRAM

Department of Defense DIRECTIVE

UNCLASSIFIED R-1 ITEM NOMENCLATURE. FY 2014 FY 2014 OCO ## Total FY 2015 FY 2016 FY 2017 FY 2018

Subj: PUBLIC AFFAIRS-VISUAL INFORMATION TRAINING WITH INDUSTRY PROGRAM

SECNAVINST A DON CIO 20 December Subj: DEPARTMENT OF THE NAVY INFORMATION ASSURANCE (IA) POLICY

DEPARTMENT OF THE NAVY OFFICE OF THE SECRETARY 1000 NAVY PENTAGON WASHINGTON, D.C

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE

Subj: DEPARTMENT OF THE NAVY (DON) INFORMATION SECURITY PROGRAM (ISP) INSTRUCTION

Subj: ASSIGNMENT OF RESPONSIBILITIES AND AUTHORITIES IN THE OFFICE OF THE SECRETARY OF THE NAVY

DEPARTMENT OF THE NAVY OFFICE OF THE SECRETARY NAVY PENTAGON WASHINGTON DC

SECNAVINST A ASN(M&RA) 14 February 2007

Subj: DEPARTMENT OF THE NAVY POLICY ON INSENSITIVE MUNITIONS

DEPARTMENT OF THE NAVY COUNTERINTELLIGENCE

PARTICIPATION IN THE GOVERNMENT-INDUSTRY DATA EXCHANGE PROGRAM (GIDEP)

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

ARMY RDT&E BUDGET ITEM JUSTIFICATION (R2 Exhibit)

Report No. D September 28, DOD Enterprise Staffing Solution

Encl: (1) References (2) Department of the Navy Security Enterprise Governance (3) Senior Director for Security (4) Definitions (5) Responsibilities

Subj: DEPARTMENT OF THE NAVY CRITICAL INFRASTRUCTURE PROTECTION PROGRAM

DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process

Subj: ROLE AND RESPONSIBILITIES RELATED TO MEDICAL DEPARTMENT SPECIALTY LEADERS

Subj INSTALLATION GEOSPATIAL INFORMATION AND SERVICES

PRIVACY IMPACT ASSESSMENT (PIA) For the

This is definitely another document that needs to have lots of HSI language in it!

Subj: APPOINTMENT OF OFFICERS IN THE CHAPLAIN CORPS OF THE NAVY

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

POLICIES CONCERNING THE NAVAL POSTGRADUATE SCHOOL

Transcription:

D E PAR TME NT OF THE N A VY OFFICE OF T HE SECRET ARY 1000 NAVY PENT AGON WASHINGT ON D C 20350-1000 SECNAVINST 5230.15 DON CIO SECNAV INSTRUCTION 5230.15 From: Secretary of the Navy Subj: INFORMATION MANAGEMENT/INFORMATION TECHNOLOGY POLICY FOR FIELDING OF COMMERCIAL OFF THE SHELF SOFTWARE Ref: (a) DON CIO memo, Department of the Navy Open Source Software Guidance, of 05 June 07 (b) Subtitle III of title 40, United States Code [formerly the Clinger-Cohen Act] (c) SECNAVINST 5430.7P (d) DON CIO WASHINGTON DC 041537Z Aug 08, Achieving Cost Savings and Management Efficiencies by Purchasing Commercially Available Software (e) SECNAV M-5210.1 1. Purpose. This instruction provides policy on the fielding and vendor support of Commercial Off The Shelf (COTS) software. 2. Rationale. Unsupported COTS software poses unacceptable operational and security vulnerability risks to the Information Technology (IT) assets of the Department of the Navy (DON). 3. Scope. The provisions of this instruction are applicable throughout the Department of the Navy. 4. Policy. It is the policy of the Department of the Navy that all COTS software in use across the Department shall be vendor supported. a. The level of vendor support required shall be such that identified operational problems and security vulnerabilities are rapidly mitigated by vendor provided patches; b. If the particular COTS software is no longer under vendor standard support and has entered into an extended support phase, the program and/or command which desires continued use of the software must make the necessary arrangements for support,

including funding, so that the Department of the Navy is adequately covered by the vendor s extended support agreement. Prior to entering into such an agreement, justification must be submitted and approved by the DON Chief Information Officer (CIO) via the appropriate DON Deputy CIO (Navy or Marine Corps); and c. If the particular COTS software is no longer under any type of support from the original vendor (standard or extended) and the product has reached commercial "end of life," the program and/or command that requires continued use of the software must request and receive a waiver to this policy, in accordance with paragraph 9 below. The waiver request shall include details of the funding and management processes to be used to execute the support plan for maintaining the particular COTS software product. Beyond end of life COTS software, support can be acquired from within the Department of the Navy or from a third party provider, but in either case a waiver must be granted by the appropriate DON Deputy CIO (Navy or Marine Corps). 5. Applicability a. For the purposes of this policy, COTS software is defined as applications and tools that are ready-made by commercial vendors and are available for sale, lease, or license to the general public, as well as to the Federal Government. COTS software includes desktop and server tools, applications, operating systems, and back office software that is employed in support of DON systems; b. This policy is applicable to all COTS software, whether used as a standalone product, acquired and/or used as a result of a services contract, or as a component of a larger IT system, such as a major automated information system acquisition program or a National Security System (NSS). All IT/NSS which make use of COTS software shall fully comply with this policy and shall ensure continued support of this software as part of their lifecycle management planning process; and c. This policy is applicable to all Open Source Software (OSS) applications and tools licensed to the general public as well as to the Federal Government. OSS shall be treated as COTS 2

in accordance with reference (a). If the particular OSS application is not acquired under commercial vendor support, then the program and/or command who requires continued use of the OSS application must request and receive a waiver to this policy, in accordance with paragraph 9 below. The waiver request shall include details of the funding and management processes to be used to execute the support plan for maintaining the particular OSS application. OSS support can be acquired from within the Department of the Navy or from a third party provider, but in either case a waiver must be granted by the appropriate DON Deputy CIO (Navy or Marine Corps). 6. Enterprise Architecture (EA). In accordance with references (c) and (d), the DON CIO is responsible for developing and maintaining the DON EA. The above stated policy shall be incorporated into the DON CIO managed DON EA. All applicable implementation architectures shall align to and support the above stated policy, as documented in the DON EA. 7. Actions. Within 180 days of the date of this instruction, DON Deputy CIO (Navy) and DON Deputy CIO (Marine Corps) shall jointly develop a proposed plan for implementation of this policy within their Services. a. The implementation plan shall include the use of the DON Application and Database Management System (DADMS) and the DON variant of the Department of Defense (DoD) IT Portfolio Repository (DITPR-DON) as the mechanism for tracking waiver requests, approvals, and rejections; and b. The proposed implementation plan shall be submitted to DON CIO for approval. 8. Execution a. Programs, initiatives, services contracts and proposed investments shall be reviewed to ensure compliance with the above stated policy and approved implementation plans; b. Existing fielded COTS software applications shall immediately comply with this policy to the maximum extent possible, by acquiring support agreements as described in subparagraphs 4b and 4c. Otherwise, the program and/or command 3

shall submit a waiver request to DON Deputy CIO (Navy or Marine Corps), as appropriate. As set forth in paragraph 9, waivers for all currently fielded COTS software shall be requested and adjudicated no later than 12 months from the date of this instruction; c. If new COTS software applications or related support services have to be purchased in order to comply with this policy, then in accordance with reference (d), if Enterprise software license agreements exist under a DoD Enterprise Software Initiative (ESI) for the required software or related services, then the COTS software and/or related support services shall be purchased through ESI; d. Program objective memorandum submissions and budget execution plans should be adjusted accordingly, in order to support the intent of this policy; and e. Implementation shall also be reviewed in preparation for Joint Capabilities Integration and Development System (JCIDS) and acquisition milestone and gate reviews of IT/NSS systems, which are dependant on use of COTS software components. 9. Waivers a. Waiver requests to this policy shall be submitted to the applicable DON Deputy CIO (Navy or Marine Corps), in accordance with the approved implementation plan developed under paragraph 7. Waivers for Joint programs and systems that have COTS software components will only be approved by the DON CIO; b. DON Deputy CIO (Navy and Marine Corps) shall ensure that up to date reporting on waiver requests, approvals, and rejections is available in DADMS/DITPR-DON for review by DON CIO. This reporting shall include identification of the rationale used to make waiver determinations; c. COTS software currently in use across the Department of the Navy, which is not compliant with the above stated policy, shall have 12 months from the date of this instruction to become compliant or submit and receive a waiver. Otherwise, this software must be uninstalled. 4

10. Records Management. Records created as a result of this instruction, regardless of media and format, shall be managed in accordance with reference (e). ROBERT J. CAREY Department of the Navy Chief Information Officer Distribution: Electronic only, via Department of the Navy Issuances Web site http://doni.daps.dla.mil/ 5

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback