CHIEF INFORMATION OFFICER
February 27, 2024
MEMORANDUM FOR SENIOR PENTAGON LEADERSHIP
COMMANDERS OF THE COMBATANT COMMANDS
DEFENSE AGENCY AND DOD FIELD ACTIVITY DIRECTORS
SUBJECT: Directive-type Memorandum (DTM) 24-001 – “DoD Cybersecurity Activities
Performed for Cloud Service Offerings”
References: See Attachment 1.
Purpose. In accordance with the authority in DoD Directive (DoDD) 5144.02, this DTM:
• Establishes policy, assigns responsibilities, and provides procedures for
cybersecurity and defensive cyberspace operations (DCO) activities that are
performed on DoD systems and technology by a cybersecurity service provider
(CSSP), DoD entity, or commercial entity on behalf of the mission owner or
authorizing official.
• Incorporates and cancels DoD Chief Information Officer (DoD CIO)
Memorandum, “Department of Defense Cyber Security Activities Performed for
Cloud Service Offerings,” November 15, 2017.
• Is effective February 27, 2024; it must be incorporated into DoD Instruction
(DoDI) 8530.01 and DoD Manual 8530.01. This DTM will expire effective
February 27, 2025
Applicability. This DTM applies to OSD, the Military Departments, the Office of the
Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office
of Inspector General of the Department of Defense, the Defense Agencies, the DoD Field
Activities, and all other organizational entities within the DoD (referred to collectively in this
DTM as the “DoD Components”).
Definitions. See Glossary.
Policy. The DoD will identify, protect, detect, respond, and recover DoD information,
systems, and technology.
Responsibilities. See Attachment 2.
DEPARTMENT OF DEFENSE
6000 DEFENSE PENTAGON
WASHINGTON, D.C. 20301-6000
