Cyberspace
Information Assurance Strategy

DoD's Information Assurance Strategy

The Department of Defense has established the Defense-Wide Information Assurance Program, or DIAP.

DoD's Information Assurance Program (DIAP): IA = operational readiness

DIAP provides a common management framework and central oversight to protect the Defense Information Infrastructure, or DII.

A key tenet of DIAP is the recognition that Information Assurance isn't just a technical issue, but a core factor in operational readiness, one in which everyone in DoD plays a role.

DIAP: IA = layered, defensive mechanisms and practices

There's no single solution to ensure the protection of information and the associated information infrastructure.

A variety of layered, defensive mechanisms and practices needs to be put in place to provide the required level of network security.

Defense-in-depth Strategy

Therefore, DoD has developed a "defense-in-depth" strategy which includes...

tools such as those provided by the National Security Agency and the Defense Information Systems Agency to assess the robustness and security-readiness of networks.

The defense-in-depth strategy also includes Red Teams, which are technically qualified groups who simulate cyber attacks against information systems, networks and infrastructures to identify security vulnerabilities and help develop protections against future attacks.

Finally, the defense-in-depth strategy includes a pilot program for authenticating digital signatures for electronic transactions using commercial technology.


Related Sites:
* INFOSEC Program Management Office
* NSA - Solutions for Network Security
* NSA - Commercial Product Evaluations
* Federal Computer Incident Response Capability
* Information Assurance Technology Analysis Center


Updated: 02 Mar 1999