but on the front cover there is a notice which restricts distribution to U.S. Government agencies "to
protect technical or operational information."
Government contracts: Any unclassified information concerning current or future Government
contacts, details of contract negotiations, or information regarding bids on Government contracts is
sensitive and requires protection from unauthorized access. There have been enough cases of fraud
and abuse in this area to clearly demonstrate the need to protect this information.
Command and control: Unclassified information concerning the commander's command and
control of his forces also requires protection. This includes information relating to personnel
management, communications, and planning and directing operations. Running a division is hard
enough without having to worry about somebody erasing all the information about assignments of new
Mission- essential information: Mission-essential information is a kind of "catch-all:" any
unclassified information, not in one of the above categories, which the commander considers to be of
utmost importance to the units ability to perform its mission. In this category the commander can
include any information that he thinks requires some degree of protection against unauthorized
disclosure, modification, or destruction.
Part H: Responsibilities and Appointments
Security is everybody's responsibilities, but AR 380-19 requires formal assignment of authority and
responsibility. This requirement is intended to make sure that there is one specific individual who is
responsible for the security of an identified computer or group of computers. Formal assignment
implies that these individuals must be appointed in writing. A clearly defined structure of ISS
personnel will assist the commander in implementing the units computer security program.
The specific duties and responsibilities of these designees will depend on the level of command, the
type of computer used, and the geographic location. In general ISS personnel are responsible for
The unit's computers are operated within the requirements of AR 380-19.
Adequate computer security policies, safeguards, and procedures are developed, applied and
Written instructions concerning computer security are developed and provided to all computer
All computer users receive periodic computer security awareness training.
Part I: The Commander
Computer security starts with the commander. The unit commander, along with all his other
responsibilities, has overall responsibility for the security of all computers in that unit Paragraph 1-6c,
AR 380-19, sums up the commander's responsibility for computer security very well;