Department of Defense
INSTRUCTION
NUMBER 8500.01
March 14, 2014
DoD CIO
SUBJECT: Cybersecurity
References: See Enclosure 1
1. PURPOSE. This instruction:
a. Reissues and renames DoD Directive (DoDD) 8500.01E (Reference (a)) as a DoD
Instruction (DoDI) pursuant to the authority in DoDD 5144.02 (Reference (b)) to establish a
DoD cybersecurity program to protect and defend DoD information and information technology
(IT).
b. Incorporates and cancels DoDI 8500.02 (Reference (c)), DoDD C-5200.19 (Reference
(d)), DoDI 8552.01 (Reference (e)), Assistant Secretary of Defense for Networks and
Information Integration (ASD(NII))/DoD Chief Information Officer (DoD CIO) Memorandums
(References (f) through (k)), and Directive-type Memorandum (DTM) 08-060 (Reference (l)).
c. Establishes the positions of DoD principal authorizing official (PAO) (formerly known as
principal accrediting authority) and the DoD Senior Information Security Officer (SISO)
(formerly known as the Senior Information Assurance Officer) and continues the DoD
Information Security Risk Management Committee (DoD ISRMC) (formerly known as the
Defense Information Systems Network (DISN)/Global Information Grid (GIG) Flag Panel).
d. Adopts the term “cybersecurity” as it is defined in National Security Presidential
Directive-54/Homeland Security Presidential Directive-23 (Reference (m)) to be used throughout
DoD instead of the term “information assurance (IA).”
2. APPLICABILITY
a. This instruction applies to:
(1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of
Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General
of the DoD, the Defense Agencies, the DoD Field Activities, and all other organizational entities
within the DoD (referred to collectively in this instruction as the “DoD Components”).
