Department of Defense
INSTRUCTION
NUMBER 8540.01
May 8, 2015
Incorporating Change 1, August 28, 2017
DoD CIO
SUBJECT: Cross Domain (CD) Policy
References: See Enclosure 1
1. PURPOSE. This instruction:
a. Establishes policy, assigns responsibilities, and identifies procedures for the
interconnection of information systems (ISs) of different security domains using CD solutions
(CDSs) in accordance with the authority in DoD Directive (DoDD) 5144.02 (Reference (a)).
b. Aligns CD guidance for managing the information security risk and authorizing a CDS
with the Risk Management Framework (RMF) in accordance with DoD Instruction (DoDI)
8510.01 (Reference (b)) and DoDI 8500.01 (Reference (c)).
c. Supersedes and cancels Assistant Secretary of Defense for Command, Control,
Communications and Intelligence Memorandums (References (d) and (e)) and DoD Chief
Information Officer (DoD CIO) Memorandum (Reference (f)).
2. APPLICABILITY
a. This instruction applies to:
(1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of
Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General
of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other
organizational entities within the DoD (referred to collectively in this instruction as the “DoD
Components”).
(2) All DoD CDSs providing CD capabilities to, from, within, or between DoD ISs to
include mission partner (e.g., international, interagency, State government, or defense
contractors) ISs.
