DEPARTMENT OF DEFENSE AGENCY CHIEF FREEDOM OF INFORMATION ACT OFFICER REPORT FOR 2014
DIRECTOR OF ADMINISTRATION AND MANAGEMENT
The NSA FOIA and Declassification Services Offices identified records appropriate for posting based on requester interest. These offices did not wait for there to be frequent requests, but based the decision to post information on the likelihood that others would have a significant interest in having access to the information. NSA added two new sections to the front page of its public website www.nsa.gov. With these new sections, the general public was able to see NSA information released in response to news reporting on the unauthorized disclosure of classified information. Examples included statements to the press, as well as public speeches, found at the following link: http://www.nsa.gov/publi_info/speeches_testimonies/index.shtml. The NSA FOIA and Declassification Services office reviewed, released, and posted 136 editions of the Cryptolog (4,400 pages), along with frequently asked questions about the history of the journal and the significance of the release. NSA posted 100 additional documents (249 pages) relating to the USS PUEBLO incident, History Today articles, an NSA Technical Journal article, Cryptologic History documents, NSA policies, and several miscellaneous documents, totaling over 1,000 pages.
o The NSA Research Directorate posted the following new material on NSA.gov at http://www.nsa.gov/research/index.shtml: Science of Security contest winners; information about the NSA partnership with North Carolina State University; the 20th Anniversary issue of its quarterly publication, The Next Wave.
o The NSA Information Assurance Directorate (IAD) published information on both the NSA web page, as well its web page at www.iad.gov.
o Examples of new information made available in 2013 by IAD were as follows:
- NSA Mobility Program (Mobility Capability Package Version 2.3)
- Campus Wi-Fi Capability Package – VPN Capability Package (Version 2.0)
- National Information Assurance Partnership Approved Protection Profiles – Release of CGS Versions 1.0 and 1.1 onto both IAD.gov, and the SIA.mil sites
- IAD unclassified 14 minute video “Confidence in Cyberspace” – IAD unclassified “Executive-level” cybersecurity guide
- Host Based Security System Host Intrusion Prevention System Application Whitelisting Technical Implementation Guide
- Hardening Network Infrastructure: Security Recommendations for System Accreditors
- IAD’s Top 10 Information Assurance Mitigation Strategies
- Antivirus File Reputation Slicksheet – Control Admin Privileges
- Limit Workstations to Workstation Communication
- Take Advantage of Software Improvements
- Segregate Networks and Functions
- Spotting the Adversary with Windows Event Log Monitoring
- Reducing the Effectiveness of Pass the Hash
- Building Web Applications-Security Recommendations for Developers
- Security Tips for Personally Managed Apple iPhones and iPads