The new five-page supplemental policy was approved June 2 by the networks and information integration office of the DOD to update its April 2004 Directive 8100.2, which laid out general policies and responsibilities for all commercial wireless devices used by departmental personnel.
Key among the new rules are requirements that network intrusion-detection systems constantly monitor wireless activity and policy violations on all Defense Department wired and wireless networks, as well as requirements mandating the use of open-standard 802.11i WLAN product certification. The availability of the 802.11i wireless protocol gives the department more flexibility to use open standards-based, commercially available products to create a more secure and interoperable network, according to the DOD.
Danny Price, deputy director of the policy communications directorate of the Office of the Assistant Secretary of Defense, said rules updates are typically done every two years so the agency can keep up with improvements in technology and bolster security.
"You either update your policy because there's something new on the requirements side ... or you update the policy when new capabilities are available to implement," Price said. "This was a little bit of both."
This round of new rules only specifically targets wireless LAN operations in the DOD. The new rules don't apply to other wireless or cellular technologies, which could be candidates for specific updates in future memorandums, according to the department.