DoD Webmasters List FAQ

Policy Questions

_ Index | Admin | Accessibility | Policy | Basic Questions | Graphics |  Books | Specific Tool References | List Guidelines | List Disclaimer

Policy

 1.  Where are the DoD, DA, etc. policies for Web? 
 2.  Am I allowed to use cookies on my DoD pages? 
 3.  Do I have to make my pages accessible? 
 4.  Is there any policy that requires us to use .MIL or that prevents us from using .COM for websites?

5. What are the rules about domain names?
6.  May we have a DoD IP assigned to a commercial server? 
7.  Do public websites have to be in/on a DMZ?
============================================================

Q1: Where are the DoD, DA, etc. policies for Web?|

A1:

DoD Policy
http://www.defenselink.mil/webmasters/policy/dod_web_policy_12071998_with_amendments_and_corrections.html 

A comprehensive DoD policy list is available at: http://www.defenselink.mil/webmasters
Federal Government Policies and practices  http://www.firstgov.gov/webcontent/index.shtml

Q2:

Am I allowed to use cookies on my DoD pages?

A3:

  See Amended  DoD Web Policy

Q3:

Do I have to make my pages accessible?

A3:

Section 508 of the Rehabilitation Act requires accessibility. http://www.section508.gov  
Final standards http://www.access-board.gov/sec508/guide/1194.22.htm
Section 508 Frequently Asked Questions http://www.section508.gov/index.cfm?FuseAction=Content&ID=75

Q4:  Is there any policy that requires us to use .MIL or that prevents us from using .COM for websites?

A4: Yes. DoDD 8100.1 "Global Information Grid (GIG) Overarching Policy" (http://www.dtic.mil/whs/directives/corres/html/810001.htm) requires the heads of the DoD Components to use Global Information Grid (GIG) common computing and  communications assets within their functional areas and Components.  That means that your component head should not allow you to host the website on a commercial ISP unless there are extenuating circumstances that prevent GIG assets from meeting your mission requirements. 

Additionally, the federal policy from the Executive Office of the President, Office of Management and Budget (http://www.whitehouse.gov/omb/memoranda/fy2005/m05-04.pdf), requires that all publicly accessible websites be hosted in the .mil or .gov domains.

The Navy's instruction (OPNAVINST 5239.2) on using the .mil domain.

The Army’s requirement (DA Pamphlet 25-1-1, Chap 8) for using .mil domain. Request for exceptions go to the Army CIO.

Q5:  What are the rules about domain names?

A5:  An overall description of the guidelines followed  is in RFC 1591, Domain  Name System Structure and Delegation at http://rfc.net/rfc1591.html.

For .MIL, the rules are published in two DDS Management Bulletins: POLICY GOVERNING DOMAIN REGISTRATIONIN THE ".MIL" and ".SMIL.MIL" DOMAINS at http://www.nic.mil

and

POLICY GOVERNING DOMAIN REGISTRATION IN THE ".MIL" DOMAIN at http://www.nic.mil

For .GOV, the rules are published in federal regulations:

Final Rule - 41 CFR Part 102-173, “Federal Management Regulation; Internet GOV Domain” in the Policies tab at http://www.dotgov.gov/ .

 

Q6:  May we have a DoD IP assigned to a commercial server?

A6:  Probably not.  Registry Protocol 9802, "Assignment and Registration of Internet Protocol (IP) Address Space," 30 October 2002, states that IP address space will only be used on the common user network to which it is registered.  IP address space or subnets of IP address space will not be shared amongst different common user networks.  IP address space assigned for NIPRNet use will only be used on the NIPRNet.  So, the DoD NIC would have to specifically assign the IP to be used on the commercial server - you cannot use an IP that has already been assigned to you for use on your LAN or other DISN network.

 
9802 also states that IPs will only be assigned for common user data networks that are registered at the NIC/SSC.  These networks include those Wide Area Networks (WANs) which are supported or operated by DISA and their subscriber Local Area Networks (LANs) and Metropolitan Area Networks (MANs).

Q7:  Do public websites have to be in/on a DMZ?

A7:  Yes and No 
The Yes part: CJCS Instruction 6510.01D, "Information Assurance and Computer Network Defense" 15 June 2004 (http://www.dtic.mil/cjcs_directives/cdata/unlimit/6510_01.pdf) requires publicly accessible websites or information sources to be on a dedicated server in a protected DMZ, with all unnecessary services, processes or protocols disabled or removed.

The No part:  DISA Web and B2B DMZs provide virtual DMZ services that do not require the publicly accessible server to be physically located in a DISA DMZ facility. This may be a more expedient and better value solution than building a DMZ in your existing component infrastructure.   Contact the DISA Business Management Center (BMC) at: csdbusiness@disa.mil