Department of Defense
INSTRUCTION
NUMBER 8582.01
June 6, 2012
Incorporating Change 1, October 27, 2017
DoD CIO
SUBJECT: Security of Unclassified DoD Information on Non-DoD Information Systems
References: See Enclosure 1
1. PURPOSE. This Instruction:
a. Establishes policy for managing the security of unclassified DoD information on non-DoD
information systems in accordance with the guidance in DoD Instruction (DoDI) 5025.01
(Reference (a)) and the authority in DoD Directive (DoDD) 5144.1 (Reference (b)).
b. Incorporates and cancels Directive-Type Memorandum 08-027 (Reference (c)).
2. APPLICABILITY. This Instruction:
a. Applies to:
(1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of
Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the
Department of Defense, the Defense Agencies, the DoD Field Activities, and all other
organizational entities within the DoD (hereinafter referred to collectively as the “DoD
Components”).
(2) The United States Coast Guard. The United States Coast Guard will adhere to DoD
cybersecurity requirements, standards, and policies in this instruction in accordance with the
direction in Paragraph 4a of the Memorandum of Agreement Between the Department of
Defense and the Department of Homeland Security (Reference (q)).
(3) All unclassified DoD information in the possession or control of non-DoD entities on
non-DoD information systems, to the extent provided by the applicable contract, grant, or other
legal agreement with the DoD.
