The roles and responsibilities of the ISSM, formerly the IA manager, are established in References DOD Instruction 8500.01, “Cybersecurity,” March 14, 2014 and DOD Instruction 8510.01, “Risk Management Framework (RMF) for DOD Information Technology (IT),” March 12, 2014.

A plan to safeguard a building’s premises (exterior and interior) from unauthorized physical access, and to safeguard the equipment therein from unauthorized physical access, tampering, and theft.

The system of policies, procedures, and requirements established to protect unclassified information that may be withheld from release to the public under the provisions of policy or statute and those established pursuant to the authority of Executive Order 13526 (Reference (q)) to protect information that, if subjected to unauthorized disclosure, could r...

Care, services, or supplies related to the health of an individual. Health care includes, but is not limited to: Preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual, or that affects th...

Software (e.g., a virus) designed to damage or disrupt a system.

Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability.

An electronic computing device (e.g., a laptop or a desktop computer), or any other device that performs similar functions, and electronic media stored in its immediate environment.

The individual with responsibility for and authority to accomplish program or system objectives for development, production, and sustainment to meet the user’s operational needs.

Encompass all of the administrative, physical, and technical safeguards in an information system.

The transactions covered by this instruction are the transmission of information between two parties to carry out financial or administrative activities related to health care, including: 

• Health care claims or equivalent encounter information.
• Health care payment and remittance advice.
• Coordinatio...

Includes memory devices in computers (e.g., hard disks, memory chips) and any removable or transportable digital memory medium, such as magnetic tape or disks, optical disks, digital memory cards, or transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the internet, the extranet, lea...

The process of changing plaintext into ciphertext for the purpose of security or privacy.

A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.

Physical measures, policies, and procedures to protect an organization’s electronic ISs and related buildings and equipment from natural and environmental hazards and unauthorized intrusion.

Any information, whether oral or recorded in any form or medium that: Is created or received by a health care provider, health plan, public health authority, employer, life insurer, or school or university. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or pas...