The U.S. Department of Defense (DoD) introduced the Design Criteria Standard for Electronic Records Management Software Applications (DoD 5015.02) in collaboration with National Archive and Records Administration (NARA). The Baseline, Classified, and Freedom of Information Act (FOIA) levels make up the DoD 5015.02 requested by the U.S. National Congress.
DoD 5015.02 Baseline vs. Classified Standards
Low-impact data is the focus of the baseline standard. It is most suitable for Commercial Solutions Openings (CSOs), where the loss of sensitive data would adversely affect such an agency's operations, resources, or personnel.
The DoD standard for classified information deals with high-impact data where the loss of confidentiality, integrity, or availability might have a severe or catastrophic negative impact on the organization, its assets, or its constituents. This data type is typically found in law enforcement agencies, emergency services, finance, and healthcare systems.
For Classified standards, DoD certified software needs the functions outlined by DoD – Chapter 4 in Version 2 and Chapter 5 in Version 3 – such as the ability to detect classified records in non-dedicated systems and automatically purge them.
Who Needs DoD 5015.2 Classified
It applies to the Military Departments, including the Office of the Chairman of the Joint Chiefs of Staff and other Defense Agencies. These DoD Field Activities and all other organizational entities within the DoD are collectively referred to as the "DoD Components."
It also applies to any third-party entity involved in creating, receiving, collecting, processing, maintaining, disseminating, disclosing, handling, or disposing of information on behalf of the DoD, such as NARA.
DoD Classified Specifications
The Department of Defense published the standard outlining the minimal requirements drawn from federal statutes and regulations that an ERM application must support for use within DoD in November 1997.
In June 2002, DoD updated 5015.02 to add new standards such as secret markings, access control, downgrading, and declassification. A test program to certify items against 5015.02 was also created by the DoD Joint Interoperability Test Command (JITC).
For ERM applications, the 5015.02 standard specifies minimal functional criteria. It outlines the design requirements to recognize, mark, keep, and dispose of electronic records. However, it doesn't determine how the product will provide these capabilities.
It also does not specify how an agency is to handle electronic records or how to carry out an ERM program. That is because its initial intent was to outline the mandatory and optional design specifications that a commercial off-the-shelf (COTS) product had to support to be compatible with DoD components.
Why DoD 5015.2 Classified
Although 5015.02 requires DoD to meet ERM application criteria, it is now the suggested benchmark for the rest of the federal government.
Apart from the Defense agencies, the Department of Education, the Environmental Protection Agency, the Department of Energy, and the Federal Deposit Insurance Corporation are also required to have 5015.02 certifications when choosing ERM applications.
Furthermore, as part of the ERM Initiative, NARA Bulletin 2003-03, published in January 2003, advises that all agencies choose an ERM application to manage the agency's electronic records using the second edition of the 5015.02 standard and DoD-certified products as a starting point.
Learn more about ZL's Classified Records Management Offering.
Next week, we'll look at How the Gulf War Paved the Way for DoD Records Management.