DOD INSTRUCTION 8585.01
D
OD CYBER RED TEAMS
Originating Component: Office of the DoD Chief Information Officer
Effective: January 11, 2024
Releasability: Cleared for public release. Available on the Directives Division Website
at https://www.esd.whs.mil/DD/.
Approved by: John B. Sherman, DoD Chief Information Officer
Purpose: In accordance with the authority in DoD Directive 5144.02, this issuance:
• Establishes the DoD Cyber Assessment Program pursuant to:
o Section 1502 of Title 6, United States Code (U.S.C.).
o Section 2224 of Title 10, U.S.C.
o Chapter 35 of Title 44, U.S.C.
• Establishes policy and assigns responsibilities for the DoD Cyber Assessment Program requirements
and supporting sub-programs for all DoD Components involved in the development, acquisition, and
sustainment of DoD digital infrastructure, systems, and system components under their awareness
throughout the system’s lifecycle. The policy and procedures:
o Provide governance for the DoD Cyber Red Team (DCRT) community, mission prioritization,
deconfliction, and reporting of findings.
o Define scope and authorities of DCRTs and assign processes for validating the skills and
qualifications of those teams.
o Assign responsibilities for risk evaluation associated with conducting DCRT assessments and
the risks and results associated with the teams that conduct them.
• May affect the policy and responsibilities in Chairman of the Joint Chiefs of Staff (CJCS)
Instruction 6510.05 and Manual 6510.03 and supersedes any conflicting guidance in those documents.
