Information Assurance Vulnerability Alert

Information Assurance Vulnerability Alert

An Information Assurance Vulnerability Alert (IAVA) is an announcement of a computer application software or operating system vulnerability notification in the form of alerts, bulletins, and technical advisories identified by DoD-CERT, a division of the Joint Task Force-Global Network Operations. These selected vulnerabilities are the mandated baseline, or minimum configuration of all hosts residing on the GIG. JTF GNO analyzes each vulnerability and determines if is necessary or beneficial to the Department of Defense to release it as an IAVA. Implementation of IAVA policy will help ensure that DoD Components take appropriate mitigating actions against vulnerabilities to avoid serious compromises to DoD computer system assets that would potentially degrade mission performance.

Information Assurance Vulnerability Management Program

The COCOMs, Services, and Agencies and field activities are required to implement vulnerability notifications in the form of alerts, bulletins, and technical advisories. USSTRATCOM has the authority to direct corrective actions, which may ultimately include disconnection of any enclave, or affected system on the enclave, not in compliance with the IAVA program directives and vulnerability response measures (i.e. communication tasking orders or messages). USSTRATCOM and JTF GNO will coordinate with all affected organizations to determine operational impact to the DoD before instituting a disconnection.


On February 15, 1998, the Deputy, Secretary of Defense issued a classified memorandum, Information Assurance, which instructed the DISA, with the assistanceof the Military Departments, to develop an alert system that ensured positive control of information assurance. According to the memorandum, the alert system should:

* Identify a system administrator to be the point of contact for each relevant network system,
* Send alert notifications to each point of contact,
* Require confirmation by each point of contact acknowledging receipt of each alert notification,
* Establish a date for the corrective action to be implemented, and enable DISA to confirm whether the correction has been implemented.

The Deputy, Secretary of Defense issued an Information Assurance Vulnerability Alert (IAVA) policy memorandum on December 30, 1999. Current events of the time demonstrated that widely known vulnerabilities exist throughout DoD networks, with the potential to severely degrade mission performance. The policy memorandum instructs the DISA to develop and maintain an IAVA database system that would ensure a positive control mechanism for system administrators to receive, acknowledge, and comply with system vulnerability alert notifications. The IAVA policy requires the COCOM's, Services, and Agencies to register and report their acknowledgement of and compliance with the IAVA database. According to the policy memorandum, the compliance data to be reported should include the number of assets affected, the number of assets in compliance, and the number of assets with waivers.

External links

* [] Office of the Inspector General, DoD Compliance with the Information Assurance Vulnerability Alert Policy, Dec 2001.
* [] Chairman of the Joint Chiefs of Staff Instruction, 6510.01E, August 2007.

Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Defense Information Systems Agency — Seal …   Wikipedia

  • IAVA — Information Assurance Vulnerability Alert (Computing » General) …   Abbreviations dictionary

  • Computers and Information Systems — ▪ 2009 Introduction Smartphone: The New Computer.       The market for the smartphone in reality a handheld computer for Web browsing, e mail, music, and video that was integrated with a cellular telephone continued to grow in 2008. According to… …   Universalium

  • NetOps — is defined as the operational framework consisting of three essential tasks, Situational Awareness (SA), and Command Control (C2) that the Commander (CDR) of US Strategic Command (USSTRATCOM), in coordination with DoD and Global NetOps Community …   Wikipedia

  • United States Cyber Command — U.S. Cyber Command emblem Active 2009–current Country …   Wikipedia

  • IAVA — can refer to:*Information Assurance Vulnerability Alert, an announcement of a computer application software or operating system vulnerability by the US DoD Joint Task Force Global Network Operations. *Iraq and Afghanistan Veterans of America, a… …   Wikipedia

  • Critical infrastructure protection — Public infrastructure Assets and facilities Airports · Bridges · Broadband& …   Wikipedia

  • Critical Infrastructure Protection — or CIP is a national program to assure the security of vulnerable and interconnected infrastructures of the United States. In May 1998, President Bill Clinton issued Presidential directive PDD 63 [ [ 63.htm… …   Wikipedia

  • Zero-day attack — This article is about technical vulnerabilities. For other uses, see Zero day (disambiguation). A zero day (or zero hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are… …   Wikipedia

  • international relations — a branch of political science dealing with the relations between nations. [1970 75] * * * Study of the relations of states with each other and with international organizations and certain subnational entities (e.g., bureaucracies and political… …   Universalium

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”