RAAUZFH1 RUEOCSA8002 0142335——哦哦——RUEASRB。ZNR UUUUU ZOV RUEOCSA0144继电器RUHHCSA8002 0142205最RHHMMCA1514 0142329 ZFH1所有用户直接连接RUHH R 0142329 z 1月03 FM)华盛顿ALDODACT信息RUEKJCS /华盛顿会议)/ / DASD SIO / /安全/ / BT UNCLAS ALDODACT 02/03的地址传递给所有下属命令主题:网站OPSEC差异1。在阿富汗被收回的一份基地组织训练手册中写道:“公开使用公共资源，不使用非法手段，至少有可能收集到80%的关于敌人的信息。”AT MORE THAN 700 GIGABYTES, THE DOD WEB-BASED DATA MAKES A VAST, READILY AVAILABLE SOURCE OF INFORMATION ON DOD PLANS, PROGRAMS, AND ACTIVITIES. ONE MUST CONCLUDE OUR ENEMIES ACCESS DOD WEB SITES ON A REGULAR BASIS. 2. THE FACT THAT FOR OFFICIAL USE ONLY (FOUO) AND OTHER SENSITIVE UNCLASSIFIED INFORMATION (E.G., CONOPS, OPLANS, SOP) CONTINUES TO BE FOUND ON PUBLIC WEB SITES INDICATES THAT TOO OFTEN DATA POSTED ARE INSUFFICIENTLY REVIEWED FOR SENSITIVITY AND/OR INADEQUATELY PROTECTED. OVER 1500 DISCREPANCIES WERE FOUND DURING THE PAST YEAR. THIS CONTINUING TREND MUST BE REVERSED. 3. THE DOD WEB SITE ADMINISTRATION POLICY (LINK AT WWW.DEFENSELINK.MIL/WEBMASTERS) REQUIRES THAT INFORMATION BE REVIEWED FOR DATA SENSITIVITY PRIOR TO WEB POSTING AND PROTECTED ACCORDINGLY. THIS REVIEW IS TO BE ACCOMPLISHED IN ACCORDANCE WITH DOD DIRECTIVE 5230.9, CLEARANCE OF DOD INFORMATION FOR PUBLIC RELEASE, AND DOD INSTRUCTION 5230.29, SECURITY AND POLICY REVIEW OF DOD INFORMATION FOR PUBLIC RELEASE, AND MUST INCLUDE OPERATIONS SECURITY (OPSEC) CONSIDERATIONS AS DEFINED BY DOD DIRECTIVE 5205.2, DOD OPERATIONS SECURITY (OPSEC) PROGRAM. 4. USING THE OPSEC PROCESS IN A SYSTEMATIC WAY AND THINKING ABOUT WHAT MAY BE HELPFUL TO AN ADVERSARY PRIOR TO POSTING ANY INFORMATION TO THE WEB COULD ELIMINATE MANY VULNERABILITIES. THE INTERAGENCY OPSEC SUPPORT STAFF (IOSS) CAN PROVIDE PROFESSIONAL ASSISTANCE WITH THE OPSEC PROCESS (SEE WWW.IOSS.GOV). LIMITING DETAILS IS AN EASILY APPLIED COUNTERMEASURE THAT CAN DECREASE VULNERABILITIES WHILE STILL CONVEYING THE ESSENTIAL INFORMATION. SECURITY AND ACCESS PROTECTIONS MUST BE APPLIED ACCORDING TO THE SENSITIVITY OF DATA FOR BOTH WEB PAGES AND WEB-ENABLED APPLICATIONS. UNPUBLISHED ADDRESSES (URLS) AND UNLINKED WEB PAGES DO NOT PROVIDE SECURITY. SEE PART V, TABLE 1 OF THE WEB SITE ADMINISTRATION POLICY FOR FURTHER GUIDANCE. 5. HEADS OF COMPONENTS ARE RESPONSIBLE FOR MANAGEMENT OF INFORMATION PLACED ON COMPONENT WEBSITES. THEY MUST ENSURE THAT WEBSITE OWNERS TAKE RESPONSIBILITY FOR ALL CONTENT POSTED TO THEIR WEBSITES. WEBSITE OWNERS MUST REDOUBLE THEIR EFFORTS TO: A. VERIFY THAT THERE IS A VALID MISSION NEED TO DISSEMINATE THE INFORMATION TO BE POSTED, B. APPLY THE OPSEC REVIEW PROCESS, C. LIMIT DETAILS, D. USE THE REQUIRED PROCESS FOR CLEARING INFORMATION FOR PUBLIC DISSEMINATION, E. PROTECT INFORMATION ACCORDING TO ITS SENSITIVITY, AND F. ENSURE REVIEWING OFFICIALS AND WEBMASTERS ARE SELECTED AND HAVE RECEIVED APPROPRIATE TRAINING IN SECURITY AND RELEASE REQUIREMENTS IN SUPPORT OF DOD WEB POLICY. 6. IT IS A TEAM EFFORT AMONG THE INFORMATION ORIGINATOR, THE WEBMASTER AND THE READER(S) TO ENSURE ONLY THE INFORMATION NECESSARY TO ACCOMPLISH THE MISSION IS POSTED. THESE STEPS WILL HELP ENSURE WE ARE NOT AIDING OUR ENEMIES BY POSTING CONTENT THAT COULD PUT THE LIVES AND MISSIONS OF AMERICAN FORCES AND THOSE OF OUR FRIENDS AND ALLIES AT RISK. BT #8002