Department of Defense
INSTRUCTION
NUMBER 8500.01
March 14, 2014
Incorporating Change 1, Effective October 7, 2019
DoD CIO
SUBJECT: Cybersecurity
References: See Enclosure 1
1. PURPOSE. This instruction:
a. Reissues and renames DoD Directive (DoDD) 8500.01E (Reference (a)) as a DoD
Instruction (DoDI) pursuant to the authority in DoDD 5144.02 (Reference (b)) to establish a
DoD cybersecurity program to protect and defend DoD information and information technology
(IT).
b. Incorporates and cancels DoDI 8500.02 (Reference (c)), DoDD C-5200.19 (Reference
(d)), DoDI 8552.01 (Reference (e)), Assistant Secretary of Defense for Networks and
Information Integration (ASD(NII))/DoD Chief Information Officer (DoD CIO) Memorandums
(References (f) through (k)), and Directive-type Memorandum 08-060 (Reference (l)).
c. Establishes the positions of DoD principal authorizing official (PAO) and the DoD Senior
Information Security Officer (SISO) and continues the DoD Information Security Risk
Management Committee (DoD ISRMC).
d. Adopts the term “cybersecurity” as it is defined in National Security Presidential
Directive-54/Homeland Security Presidential Directive-23 (Reference (m)) to be used throughout
DoD instead of the term “information assurance (IA).”
2. APPLICABILITY
a. This instruction applies to:
(1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of
Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General
of the DoD, the Defense Agencies, the DoD Field Activities, and all other organizational entities
within the DoD (referred to collectively in this instruction as the “DoD Components”).
