What guidance/instructions are reference for the DIACAP IA controls?
DoD 5200.1–R, "DoD Information Security Program," January 1997, i.e., Storage, Access, Classification, etc. DoD Directive C–5200.5 COMSEC activities ASD(C3I) Memorandum, dated June 4, 2001, "Disposition of Unclassified DoD Computer Hard Drives." DoD Directive S–5200.19, DoD TEMPEST DoD Instruction O–8530.2, defines reportable incidents, outlines a standard operating procedure for incident response. IATF, IA Technical Framework, Protection Profile Consistency Guidance for High, Medium, and Basic Robustness NIST FIPS 140–2, validated cryptography