Department of Defense
INSTRUCTION
NUMBER 8530.01
March 7, 2016
Incorporating Change 1, July 25, 2017
DoD CIO
SUBJECT: Cybersecurity Activities Support to DoD Information Network Operations
References: See Enclosure 1
1. PURPOSE. In accordance with the authority in DoD Directive (DoDD) 5144.02 (Reference
(a)), this instruction:
a. Reissues DoDD O-8530.1 (Reference (b)) as a DoD Instruction (DoDI) and incorporates
and cancels DoDI O-8530.2 (Reference (c)) to establish policy and assign responsibilities to
protect the Department of Defense information network (DoDINDODIN) against unauthorized
activity, vulnerabilities, or threats.
b. Supports the Joint Information Environment (JIE) concepts as outlined in JIE Operations
Concept of Operations (CONOPS) (Reference (d)).
c. Supports the formation of Cyber Mission Forces (CMF), development of the Cyber Force
Concept of Operations and Employment, evolution of cyber command and control, cyberspace
operations doctrine in Joint Publication 3-12 (Reference (e)), and evolving cyber threats.
d. Supports the Risk Management Framework (RMF) requirements to monitor security
controls continuously, determine the security impact of changes to the DoDINDODIN and
operational environment, and conduct remediation actions as described in DoDI 8510.01
(Reference (f).
e. Cancels Assistant Secretary of Defense for Command, Control, Communications, and
Intelligence Memorandum (Reference (g)).
2. APPLICABILITY. This instruction:
a. Applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs
of Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector
General of the Department of Defense (IG DoD), the Defense Agencies, the DoD Field
Activities, and all other organizational entities within the DoD (referred to collectively in this
instruction as the “DoD Components”).