Security Policy

This Security Policy outlines how MilAIAssist protects mission data, enforces access controls, and handles incidents. It is intended for system administrators, operators, and auditors.

Data Classification & Handling

Data created or imported into MilAIAssist may be unclassified, sensitive, or classified depending on the operational context. Treat all operational mission data as sensitive by default.

Do not upload classified data to public or third-party services without authorization.
Limit exports and sharing to authorized personnel.
Use ephemeral sessions for transient exercises where possible.

Retention & Export

Define retention schedules according to your organizational policy. MilAIAssist provides simple export options (GeoJSON, image snapshots) for offline archival; ensure exported files are handled securely.

Encryption & Transport Security

All network communications should use TLS. Sensitive data at rest should be encrypted by the hosting platform. Use organization-managed keys where available.

Authentication & Access Control

Follow the principle of least privilege. Maintain role-based access controls and consider multifactor authentication for all operator accounts. Log all administrative actions and review periodically.

Use unique operator accounts; avoid shared credentials.
Disable or remove accounts promptly when access is no longer required.
Use centralized identity providers (SAML/OAuth) if available.

Incident Reporting

If you suspect a security incident, preserve evidence and notify your security operations center immediately. Include:

Time and date of event
Accounts involved
Any exported files or suspicious network destinations

Contact & Revisions

For security questions or to report incidents, contact your local security office. This document was last revised on 8/26/2025.

Revision history and audit logs are maintained by the platform administrator.

Return to Home