CAPR 120-1: Difference between revisions

CAP Regulation 120-1 INFORMATION TECHNOLOGY SECURITY

Civil Air Patrol Regulation 120-1

This regulation establishes policies and procedures for the management of Civil Air Patrol (CAP) electronic information and data systems including, but not limited to, servers, computer network systems, personal computers, software applications, websites, web applications and data files. Responsibilities for management and use of CAP radio networks is not within the scope CAPR 120-1. This regulation is applicable to all CAP units and members.

Purpose

1.1. The purpose of this regulation is to ensure the security and integrity of CAP information systems and data. This policy applies to all CAP members who have access to CAP IT assets, computer networks and corporate data and must be followed whether using CAP-owned IT assets or personal assets in the conduct of CAP business. Effective security is a team effort involving the participation and support of every CAP member who deals with information and/or information systems. Every computer user is responsible to know these guidelines, and to conduct his/her activities accordingly.

Roles and Definitions

Definitions

2.1.1. CAP resources are defined as any hardware, software or computer network that is provided by the Civil Air Patrol. Where responsibilities arise to protect CAP computer networks and data accessed via personally owned computing resources, including but not limited to mobile phones, laptops and tablets, those responsibilities will be called out specifically.

2.1.2. CAP Domain Operations are defined as any activity operated or conducted through the internet which makes use of a domain name that uses the name "Civil Air Patrol”, its insignia, copyrights, emblems, badges, descriptive or designating marks or words used in carrying out the Civil Air Patrol program. Civil Air Patrol’s names and marks are specifically owned by Civil Air Patrol pursuant to 36 United States Code § 40306.