Website Security is Paramount

4.16. All Unit Commanders will:


4.16.1. Ensure assigned personnel use government provided equipment, government IT services, or Internet-based Capabilities accessed from government equipment for official, authorized, or limited authorized personal use according to AFMAN 33-152 and DoDI 8550.01. (T-0).


4.16.2. Maintain the security, integrity, and accountability of AF information on the Internet by establishing and maintaining public websites/capabilities inside the network demilitarized zone (DMZ) and private websites/capabilities inside the protections of government network security. Any AF website, servers, services, applications, or capabilities to be hosted on commercial servers or services outside of military or government cybersecurity boundaries requires AFSPC lead command approval. (T-0).


4.16.3. Ensure all publically accessible DoD Internet Services managed by the organization comply with applicable cybersecurity controls, information security procedures, OPSEC measures, and DoDI 8550.01 requirements including registration and dissemination guidance. (T-0).

20 AFI33-115 16 SEPTEMBER 2014


4.16.4. Control content on public websites through the Public Affairs (PA) office according to AFI 35-107, Public Web Communications and AFI 35-102, Security and Policy Review Process. (T-0).


4.16.5. Ensure all public websites and capabilities within the organization span of control are submitted to wing/base PA offices for review prior to their launch. ANG units will coordinate with their unit Public Affairs Officer (PAO) prior to their launch. ANG geographically separated units use their host wing for PAO support. (T-0).