DOD components on the clock to certify compliance with classified access rules in the wake of Discord leaks

DOD CIO John Sherman testifies before the Senate Armed Services Committee, Subcommittee on Cybersecurity, in Washington, D.C. E.J. Hersom/Department of Defense

Defense agencies have until May 2 to ensure IT systems are in compliance with a Defense Department memo outlining procedures for safeguarding classified materials.

Defense agencies have a week to ensure they are up to speed with information security procedures laid out in an April 24 memo after classified data was leaked to a private Discord server.

Signed by Defense Department chief information officer John Sherman, the memo calls on senior Pentagon leadership, combatant commanders, defense agency and DOD field activity directors to review and assess their compliance with cybersecurity and other controls for protecting classified information.

The memo comes in the wake of what has become known as the Discord Leaks, where 21-year-old Air National Guardsman Jack Douglas Teixeira allegedly posted classified U.S. defense documents on a Discord server, including military information regarding Russia’s war against Ukraine and U.S. intelligence of allied nations. 

The new memo calls on defense components to review cybersecurity controls and ensure their compliance with the implementation of User Activity Monitoring capabilities on National Security Systems. 

“These include access control, auditing and UAM across Secret Internet Protocol Router and Top Secret systems (e.g. Joint Worldwide Intelligence Communication System) that process, store and transmit classified information,” the memo said. 

Component CIOs must certify their systems' compliance with several least privilege and security access controls by May 26, including restrictions on classified data access, such as limitations on printing classified information, reviews of distribution lists and email encryption.

System owners will also have to certify that they have reviewed and minimized access to certain software products on the network and removed accounts that should no longer have access to information.

Components must also ensure system auditing capabilities are activated, as well as deploy UAM capabilities, triggers and analysis on classified endpoints to help ensure networks are being monitored.

Sherman said that he would work with the Intelligence Community CIO, the Office of the National Director for Intelligence and the Undersecretary of Defense for Intelligence and Security to help guide implementation and that his office would work on finalizing UAM triggers.