DoDD 5200.47E
Anti-Tamper (AT)
DoDD 5200.47E
Anti-Tamper (AT)
DoDD 5200.47E
Anti-Tamper (AT)
DoDI 5000.02
Operation of the Adaptive Acquisition
Framework
DoDI 5000.02
Operation of the Adaptive Acquisition
Framework
DoDI 5000.02
Operation of the Adaptive Acquisition
Framework
DoDD 8140.01
Cyberspace Workforce Management
DoDD 8140.01
Cyberspace Workforce Management
DoDD 8140.01
Cyberspace Workforce Management
DoDI 8510.01
Risk Management Framework
for DoD IT
DoDI 8510.01
Risk Management Framework
for DoD IT
DoDI 8580.1
Information Assurance (IA) in the
Defense Acquisition System
DoDI 8580.1
Information Assurance (IA) in the
Defense Acquisition System
DoDD 3100.10
Space Policy
DoDD 3100.10
Space Policy
DoDI 1000.25
DoD Personnel Identity Protection
(PIP) Program
DoDI 1000.25
DoD Personnel Identity Protection
(PIP) Program
CNSSP-12
National IA Policy for Space Systems
Used to Support NSS
CNSSP-12
National IA Policy for Space Systems
Used to Support NSS
DoDD 8115.01
IT Portfolio Management
DoDD 8115.01
IT Portfolio Management
DoDD 8115.01
IT Portfolio Management
DoDI 8320.02
Sharing Data, Info, and IT Services in
the DoD
DoDI 8320.02
Sharing Data, Info, and IT Services in
the DoD
DoDI 8320.02
Sharing Data, Info, and IT Services in
the DoD
DoDI 8115.02
IT Portfolio Management
Implementation
DoDI 8115.02
IT Portfolio Management
Implementation
DoDI 8115.02
IT Portfolio Management
Implementation
DoDI S-5200.16
Objectives and Min Stds for COMSEC
Measures used in NC2 Comms
DoDI S-5200.16
Objectives and Min Stds for COMSEC
Measures used in NC2 Comms
CJCSI 6510.02F
Cryptographic Modernization Planning
CJCSI 6510.02F
Cryptographic Modernization Planning
CNSSI-4012
National IA Training Standard for
Senior Systems Managers
CNSSI-4012
National IA Training Standard for
Senior Systems Managers
DoDI 8170.01
Online Information Management and
Electronic Messaging
DoDI 8170.01
Online Information Management and
Electronic Messaging
DoDI 8170.01
Online Information Management and
Electronic Messaging
CNSSI-4013
National IA Training Standard For
System Administrators (SA)
CNSSI-4013
National IA Training Standard For
System Administrators (SA)
CNSSI-4016
National IA Training Standard For Risk
Analysts
CNSSI-4016
National IA Training Standard For Risk
Analysts
FIPS 199
Standards for Security Categorization
of Federal Info. and Info. Systems
FIPS 199
Standards for Security Categorization
of Federal Info. and Info. Systems
CNSSP-11
Nat’l Policy Governing the Acquisition
of IA and IA-Enabled IT
CNSSP-11
Nat’l Policy Governing the Acquisition
of IA and IA-Enabled IT
CNSSP-14
National Policy Governing the Release
of IA Products/Services…
CNSSP-14
National Policy Governing the Release
of IA Products/Services…
NIST SP 800-53 R5
Security & Privacy Controls for
Information Systems and Orgs.
NIST SP 800-53 R5
Security & Privacy Controls for
Information Systems and Orgs.
NIST SP 800-53A R5
Assessing Security & Privacy Controls
in Information Systems & Orgs.
NIST SP 800-53A R5
Assessing Security & Privacy Controls
in Information Systems & Orgs.
NIST SP 800-37 R2
Guide for Applying the Risk Mgt
Framework to Fed. Info. Systems
NIST SP 800-37 R2
Guide for Applying the Risk Mgt
Framework to Fed. Info. Systems
NIST SP 800-60, Vol 1, R1
Guide for Mapping Types of Info and
Info Systems to Security Categories
NIST SP 800-60, Vol 1, R1
Guide for Mapping Types of Info and
Info Systems to Security Categories
NIST SP 800-59
Guideline for Identifying an Information
System as a NSS
NIST SP 800-59
Guideline for Identifying an Information
System as a NSS
DoDI 8100.04
DoD Unified Capabilities (UC)
DoDI 8100.04
DoD Unified Capabilities (UC)
DoDI 4650.01
Policy and Procedures for Mgt and Use
of the Electromagnetic Spectrum
DoDI 4650.01
Policy and Procedures for Mgt and Use
of the Electromagnetic Spectrum
DoDD 7045.20
Capability Portfolio Management
DoDD 7045.20
Capability Portfolio Management
HSPD-12
Policy for a Common ID Standard for
Federal Employees and Contractors
HSPD-12
Policy for a Common ID Standard for
Federal Employees and Contractors
DoDI 5200.48
Controlled Unclassified
Information(CUI)
DoDI 5200.48
Controlled Unclassified
Information(CUI)
DoDI 5200.48
Controlled Unclassified
Information(CUI)
DoDI 5205.13
Defense Industrial Base (DIB) Cyber
Security (CS) / IA Activities
DoDI 5205.13
Defense Industrial Base (DIB) Cyber
Security (CS) / IA Activities
CNSSI-4008
Program for the Mgt and Use of Nat’l
Reserve IA Security Equipment
CNSSI-4008
Program for the Mgt and Use of Nat’l
Reserve IA Security Equipment
NSTISSI-4015
National Training Standard for System
Certifiers
NSTISSI-4015
National Training Standard for System
Certifiers
Build and Operate a Trusted DoDIN Build and Operate a Trusted DoDIN
DoDI 8420.01
Commercial WLAN Devices, Systems,
and Technologies
DoDI 8420.01
Commercial WLAN Devices, Systems,
and Technologies
DoDI 8420.01
Commercial WLAN Devices, Systems,
and Technologies
DFARS
Subpart 208.74, Enterprise Software
Agreements
DFARS
Subpart 208.74, Enterprise Software
Agreements
CJCSI 5123.01I
Charter of the JROC and
Implementation of the JCIDS
CJCSI 5123.01I
Charter of the JROC and
Implementation of the JCIDS
CJCSI 5123.01I
Charter of the JROC and
Implementation of the JCIDS
DoDI 7000.14
Financial Management Policy and
Procedures (PPBE)
DoDI 7000.14
Financial Management Policy and
Procedures (PPBE)
CNSSI-1253
Security Categorization and Control
Selection for Nat’l Security Systems
CNSSI-1253
Security Categorization and Control
Selection for Nat’l Security Systems
ABOUT THIS CHART
• This chart organizes cybersecurity policies and guidance by Strategic
Goal and Office of Primary Responsibility (see Color Key). Double-
clicking* on the box directs users to the most authoritative publicly
accessible source.
• Policies in italics indicate the document is marked for limited distribution
or no authoritative public-facing hyperlink is currently available.
• The linked sites are not controlled by the developers of this chart.
Please let us know if you believe the link is no longer valid.
• CNSS policies link only to the CNSS site.
• *Note: It is best to open this PDF directly in a browser. However, if you
are unable to open the links directly from this PDF document, place your
cursor over the target box and right-click to copy the link location. Open
a web browser and paste the copied link into the address bar.
• For the latest version of this chart or email alerts to updates go to https://
dodiac.dtic.mil/dod-cybersecurity-policy-chart/
ABOUT THIS CHART
• This chart organizes cybersecurity policies and guidance by Strategic
Goal and Office of Primary Responsibility (see Color Key). Double-
clicking* on the box directs users to the most authoritative publicly
accessible source.
• Policies in italics indicate the document is marked for limited distribution
or no authoritative public-facing hyperlink is currently available.
• The linked sites are not controlled by the developers of this chart.
Please let us know if you believe the link is no longer valid.
• CNSS policies link only to the CNSS site.
• *Note: It is best to open this PDF directly in a browser. However, if you
are unable to open the links directly from this PDF document, place your
cursor over the target box and right-click to copy the link location. Open
a web browser and paste the copied link into the address bar.
• For the latest version of this chart or email alerts to updates go to https://
dodiac.dtic.mil/dod-cybersecurity-policy-chart/
FIPS 140-3
Security Requirements for
Cryptographic Modules
FIPS 140-3
Security Requirements for
Cryptographic Modules
DoDI 8582.01
Security of Non-DoD Info Sys Processing
Unclassified Nonpublic DoD Information
DoDI 8582.01
Security of Non-DoD Info Sys Processing
Unclassified Nonpublic DoD Information
CJCSI 6211.02D
Defense Information System Network:
(DISN) Responsibilities
CJCSI 6211.02D
Defense Information System Network:
(DISN) Responsibilities
DoDD 8100.02
Use of Commercial Wireless Devices,
Services, and Tech in the DoD GIG
DoDD 8100.02
Use of Commercial Wireless Devices,
Services, and Tech in the DoD GIG
DoDD 8100.02
Use of Commercial Wireless Devices,
Services, and Tech in the DoD GIG
DoDI 8330.01
Interoperability of IT and National
Security Systems (NSS)
DoDI 8330.01
Interoperability of IT and National
Security Systems (NSS)
DoDI 8330.01
Interoperability of IT and National
Security Systems (NSS)
DoDI 8520.03
Identity Authentication for Information
Systems
DoDI 8520.03
Identity Authentication for Information
Systems
DoDI 8520.03
Identity Authentication for Information
Systems
CJCSI 3213.01D,
Joint Operations Security
CJCSI 3213.01D,
Joint Operations Security
RMF Knowledge ServiceRMF Knowledge ServiceRMF Knowledge Service
NIST 800-160, Vol.1 Rev.1,
Engineering of Trustworthy Secure
Systems
NIST 800-160, Vol.1 Rev.1,
Engineering of Trustworthy Secure
Systems
NIST 800-160, Vol.1 Rev.1,
Engineering of Trustworthy Secure
Systems
Distribution Statement A: Approved for Public Release.
Distribution is unlimited.
Design for the Fight Design for the Fight
ORGANIZE ORGANIZE
Partner for Strength Partner for Strength
Prevent and Delay Attackers
and Prevent Attackers from Staying
Prevent and Delay Attackers
and Prevent Attackers from Staying
Understand the Battlespace Understand the Battlespace
ANTICIPATE ANTICIPATE
Secure Data in Transit Secure Data in Transit
ENABLE ENABLE
DoDM 1000.13, Vol. 1
DoD ID Cards: ID Card Life-cycle
DoDM 1000.13, Vol. 1
DoD ID Cards: ID Card Life-cycle
Manage Access Manage Access
Assure Information Sharing Assure Information Sharing
Develop and Maintain Trust Develop and Maintain Trust
Strengthen Cyber Readiness Strengthen Cyber Readiness
PREPARE PREPARE
Sustain Missions Sustain Missions
CJCSM 6510.01B
Cyber Incident Handling Program
CJCSM 6510.01B
Cyber Incident Handling Program
CJCSM 6510.01B
Cyber Incident Handling Program
DoDI 8530.01, Cybersecurity Activities
Support to DoD Information Network
Operations
DoDI 8530.01, Cybersecurity Activities
Support to DoD Information Network
Operations
DoDM 8530.01 Cybersecurity Activities
Support Procedures
DoDM 8530.01 Cybersecurity Activities
Support Procedures
DoDI 5200.39
CPI Identification and Protection within
RDT&E
DoDI 5200.39
CPI Identification and Protection within
RDT&E
DoDI 5200.39
CPI Identification and Protection within
RDT&E
CJCSI 6510.01F
Information Assurance (IA) and
Computer Network Defense (CND)
CJCSI 6510.01F
Information Assurance (IA) and
Computer Network Defense (CND)
CNSSP-21
National IA Policy on Enterprise
Architectures for NSS
CNSSP-21
National IA Policy on Enterprise
Architectures for NSS
DoDI 8500.01
Cybersecurity
DoDI 8500.01
Cybersecurity
DoDD 8521.01E
Department of Defense Biometrics
DoDD 8521.01E
Department of Defense Biometrics
DoDD 8521.01E
Department of Defense Biometrics
DoDI 8523.01
Communications Security (COMSEC)
DoDI 8523.01
Communications Security (COMSEC)
ORGANIZE ORGANIZE
Lead and Govern Lead and Govern
DoDI 8560.01
COMSEC Monitoring
DoDI 8560.01
COMSEC Monitoring
DoDI 8560.01
COMSEC Monitoring
DODM 8140.03 Cyberspace Workforce
Qualification and Management
Program
DODM 8140.03 Cyberspace Workforce
Qualification and Management
Program
DoDD 3700.01
DoD Command and Control (C2)
Enabling Capabilities
DoDD 3700.01
DoD Command and Control (C2)
Enabling Capabilities
NIST SP 800-30, R1
Guide for Conducting Risk
Assessments
NIST SP 800-30, R1
Guide for Conducting Risk
Assessments
NIST SP 800-18, R1
Guide for Developing Security Plans
for Federal Information Systems
NIST SP 800-18, R1
Guide for Developing Security Plans
for Federal Information Systems
CNSSP-18
National Policy on Classified
Information Spillage
CNSSP-18
National Policy on Classified
Information Spillage
CNSSP-22, IA Risk Management
Policy for National Security Systems
CNSSP-22, IA Risk Management
Policy for National Security Systems
DoDD 3020.44
Defense Crisis Management
DoDD 3020.44
Defense Crisis Management
CNSSP-300
National Policy on Control of
Compromising Emanations
CNSSP-300
National Policy on Control of
Compromising Emanations
NSA IA Directorate (IAD) Management
Directive MD-110
Cryptographic Key Protection
NSA IA Directorate (IAD) Management
Directive MD-110
Cryptographic Key Protection
DODAF (Version 2.02)
DoD Architecture Framework
DODAF (Version 2.02)
DoD Architecture Framework
DODAF (Version 2.02)
DoD Architecture Framework
NIST SP 800-119
Guidelines for the Secure Deployment
of IPv6
NIST SP 800-119
Guidelines for the Secure Deployment
of IPv6
Joint Publication 6-0
Joint Communications System
Joint Publication 6-0
Joint Communications System
NIST SP 800-39
Managing Information Security Risk
NIST SP 800-39
Managing Information Security Risk
NIST SP 800-92
Guide to Computer Security Log
Management
NIST SP 800-92
Guide to Computer Security Log
Management
FIPS 200
Minimum Security Requirements for
Federal Information Systems
FIPS 200
Minimum Security Requirements for
Federal Information Systems
NSTISSI-3028
Operational Security Doctrine for the
FORTEZZA User PCMCIA Card
NSTISSI-3028
Operational Security Doctrine for the
FORTEZZA User PCMCIA Card
CNSSP-3
National Policy for Granting Access to
Classified Cryptographic Information
CNSSP-3
National Policy for Granting Access to
Classified Cryptographic Information
CNSSP-16
National Policy for the Destruction of
COMSEC Paper Material
CNSSP-16
National Policy for the Destruction of
COMSEC Paper Material
CNSSI-4001
Controlled Cryptographic Items
CNSSI-4001
Controlled Cryptographic Items
CNSSI-4003
Reporting and Evaluating COMSEC
Incidents
CNSSI-4003
Reporting and Evaluating COMSEC
Incidents
CNSSI-5000
Voice Over Internet Protocol (VoIP)
Computer Telephony (Annex I, VoSIP)
CNSSI-5000
Voice Over Internet Protocol (VoIP)
Computer Telephony (Annex I, VoSIP)
CNSSI-5001
Type-Acceptance Program for VoIP
Telephones
CNSSI-5001
Type-Acceptance Program for VoIP
Telephones
NACSI-6002
Nat’l COMSEC Instruction Protection of
Gov’t Contractor Telecomm’s
NACSI-6002
Nat’l COMSEC Instruction Protection of
Gov’t Contractor Telecomm’s
NSTISSP-101
National Policy on Securing Voice
Communications
NSTISSP-101
National Policy on Securing Voice
Communications
CNSSP-1
National Policy for Safeguarding and
Control of COMSEC Material
CNSSP-1
National Policy for Safeguarding and
Control of COMSEC Material
CNSSP-17
Policy on Wireless Communications:
Protecting Nat’l Security Info
CNSSP-17
Policy on Wireless Communications:
Protecting Nat’l Security Info
CNSSP-15
Use of Pub Standards for Secure
Sharing of Info Among NSS
CNSSP-15
Use of Pub Standards for Secure
Sharing of Info Among NSS
CNSSP-15
Use of Pub Standards for Secure
Sharing of Info Among NSS
CNSSP-25
National Policy for PKI in National
Security Systems
CNSSP-25
National Policy for PKI in National
Security Systems
CNSSI-7003
Protected Distribution Systems (PDS)
CNSSI-7003
Protected Distribution Systems (PDS)
CNSSP-19
National Policy Governing the Use of
HAIPE Products
CNSSP-19
National Policy Governing the Use of
HAIPE Products
NACSI-2005
Communications Security (COMSEC)
End Item Modification
NACSI-2005
Communications Security (COMSEC)
End Item Modification
CNSSI-4006
Controlling Authorities for COMSEC
Material
CNSSI-4006
Controlling Authorities for COMSEC
Material
DoDD 3020.40
Mission Assurance
DoDD 3020.40
Mission Assurance
DoDD 3020.40
Mission Assurance
DoDD 5144.02
DoD Chief Information Officer
DoDD 5144.02
DoD Chief Information Officer
DoDI 8410.02
Support to DoD Information Network
Operations
DoDI 8410.02
Support to DoD Information Network
Operations
Defense Acquisition Guidebook
Program Protection
Defense Acquisition Guidebook
Program Protection
CNSSI-1001
National Instruction on Classified
Information Spillage
CNSSI-1001
National Instruction on Classified
Information Spillage
CNSSI-4004.1, Destruction and
Emergency Protection Procedures for
COMSEC and Class. Material
CNSSI-4004.1, Destruction and
Emergency Protection Procedures for
COMSEC and Class. Material
CNSSI-7000
TEMPEST Countermeasures for
Facilities
CNSSI-7000
TEMPEST Countermeasures for
Facilities
NSTISSI-7001
NONSTOP Countermeasures
NSTISSI-7001
NONSTOP Countermeasures
DoDD 3020.26
DoD Continuity Policy
DoDD 3020.26
DoD Continuity Policy
CNSSI-4000
Maintenance of Communications
Security (COMSEC) Equipment
CNSSI-4000
Maintenance of Communications
Security (COMSEC) Equipment
CNSSI-4014
National IA Training Standard For
Information Systems Security Officers
CNSSI-4014
National IA Training Standard For
Information Systems Security Officers
CNSSI-4007
Communications Security (COMSEC)
Utility Program
CNSSI-4007
Communications Security (COMSEC)
Utility Program
NIST SP 800-128
Guide for Security-Focused
Configuration Mgt of Info Systems
NIST SP 800-128
Guide for Security-Focused
Configuration Mgt of Info Systems
NIST SP 800-126, R3
SCAP Ver. 1.3
NIST SP 800-126, R3
SCAP Ver. 1.3
NIST SP 800-137
Information Security Continuous
Monitoring (ISCM)
NIST SP 800-137
Information Security Continuous
Monitoring (ISCM)
STIGs, SRGs, and TCGsSTIGs, SRGs, and TCGsSTIGs, SRGs, and TCGs
OPERATIONAL/SUBORDINATE POLICY OPERATIONAL/SUBORDINATE POLICY
NSA CS Advisories and GuidanceNSA CS Advisories and Guidance
CNSSD-900, Governing Procedures of
the Committee on National Security
Systems
CNSSD-900, Governing Procedures of
the Committee on National Security
Systems
EO 13691
Promoting Private Sector
Cybersecurity Information Sharing
EO 13691
Promoting Private Sector
Cybersecurity Information Sharing
FAR
Federal Acquisition Regulation
FAR
Federal Acquisition Regulation
NIST Special Publication 800-Series NIST Special Publication 800-Series
NSD 42, National Policy for the
Security of Nat’l Security Telecom and
Information Systems
NSD 42, National Policy for the
Security of Nat’l Security Telecom and
Information Systems
A-130, Management of Fed Info
Resources
A-130, Management of Fed Info
Resources
NSPD 54 / HSPD 23
Computer Security and Monitoring
NSPD 54 / HSPD 23
Computer Security and Monitoring
NATIONAL / FEDERAL NATIONAL / FEDERAL
CNSSD-901
Nat’l Security Telecomm’s and Info Sys
Security (CNSS) Issuance System
CNSSD-901
Nat’l Security Telecomm’s and Info Sys
Security (CNSS) Issuance System
CNSSD-502
National Directive On Security of
National Security Systems
CNSSD-502
National Directive On Security of
National Security Systems
Computer Fraud and Abuse Act
Title 18 (§1030)
Computer Fraud and Abuse Act
Title 18 (§1030)
Federal Wiretap Act
Title 18 (§2510 et seq.)
Federal Wiretap Act
Title 18 (§2510 et seq.)
Pen Registers and Trap and Trace
Devices
Title 18 (§3121 et seq.)
Pen Registers and Trap and Trace
Devices
Title 18 (§3121 et seq.)
EO 13526
Classified National Security Information
EO 13526
Classified National Security Information
Foreign Intelligence Surveillance Act
Title 50 (§1801 et seq)
Foreign Intelligence Surveillance Act
Title 50 (§1801 et seq)
Stored Communications Act
Title 18 (§2701 et seq.)
Stored Communications Act
Title 18 (§2701 et seq.)
2023 National Cybersecurity
Strategy
2023 National Cybersecurity
Strategy
CNSSI-4009
Cmte on National Security Systems
Glossary
CNSSI-4009
Cmte on National Security Systems
Glossary
AUTHORITIES AUTHORITIES
Title 10, US Code
Armed Forces
(§§2224, 3013(b), 5013(b), 8013(b))
Title 10, US Code
Armed Forces
(§§2224, 3013(b), 5013(b), 8013(b))
Title 32, US Code
National Guard
(§102)
Title 32, US Code
National Guard
(§102)
Title 40, US Code
Public Buildings, Property, and Works
(Ch. 113: §§11302, 11315, 11331)
Title 40, US Code
Public Buildings, Property, and Works
(Ch. 113: §§11302, 11315, 11331)
Title 50. US Code
War and National Defense
(§§3002, 1801)
Title 50. US Code
War and National Defense
(§§3002, 1801)
Title 50. US Code
War and National Defense
(§§3002, 1801)
Title 44, US Code
Federal Information Security Mod. Act,
(Chapter 35)
Title 44, US Code
Federal Information Security Mod. Act,
(Chapter 35)
Clinger-Cohen Act, Pub. L. 104-106 Clinger-Cohen Act, Pub. L. 104-106 Clinger-Cohen Act, Pub. L. 104-106
Title 14, US Code
Cooperation With Other Agencies
(Ch. 7)
Title 14, US Code
Cooperation With Other Agencies
(Ch. 7)
Title 14, US Code
Cooperation With Other Agencies
(Ch. 7)
UCP
Unified Command Plan
(US Constitution Art II, Title 10 & 50)
UCP
Unified Command Plan
(US Constitution Art II, Title 10 & 50)
CNSSI-4005
Safeguarding COMSEC
Facilities and Materials
CNSSI-4005
Safeguarding COMSEC
Facilities and Materials
NIST SP 800-153
Guidelines for Securing Wireless Local
Area Networks
NIST SP 800-153
Guidelines for Securing Wireless Local
Area Networks
CNSSI-1300
Instructions for NSS PKI X.509
CNSSI-1300
Instructions for NSS PKI X.509
NIST SP 800-144
Guidelines on Security and Privacy in
Public Cloud Computing
NIST SP 800-144
Guidelines on Security and Privacy in
Public Cloud Computing
CNSSI-1253F, Atchs 1-5 (CAC req’d)
Security Overlays
CNSSI-1253F, Atchs 1-5 (CAC req’d)
Security Overlays
CNSSI-5002, Telephony Isolation Used
for Unified Comms. Implementations w/
in Physically Protected Spaces
CNSSI-5002, Telephony Isolation Used
for Unified Comms. Implementations w/
in Physically Protected Spaces
CNSSAM IA 1-10, Reducing Risk of
Removable Media in NSS
CNSSAM IA 1-10, Reducing Risk of
Removable Media in NSS
MOA between DoD CIO and ODNI CIO
Establishing Net-Centric Software
Licensing Agreements
MOA between DoD CIO and ODNI CIO
Establishing Net-Centric Software
Licensing Agreements
MOA between DoD CIO and ODNI CIO
Establishing Net-Centric Software
Licensing Agreements
NIST SP 800-61, R2
Computer Security Incident Handling
Guide
NIST SP 800-61, R2
Computer Security Incident Handling
Guide
Executive Order 13231 (as amended
by EO 13286) Critical Infrastructure
Protection in the Info Age
Executive Order 13231 (as amended
by EO 13286) Critical Infrastructure
Protection in the Info Age
EO 13587
Structural Reforms To Improve
Classified Nets
EO 13587
Structural Reforms To Improve
Classified Nets
DoDM 5105.21V1, SCI Admin Security
Manual: Info and Info Sys Security
DoDM 5105.21V1, SCI Admin Security
Manual: Info and Info Sys Security
DoDD 8000.01
Management of the DOD Information
Enterprise
DoDD 8000.01
Management of the DOD Information
Enterprise
DoDD 8000.01
Management of the DOD Information
Enterprise
DIB CS Program Security
Classification Guide (CAC required)
DIB CS Program Security
Classification Guide (CAC required)
DIB CS Program Security
Classification Guide (CAC required)
NISTIR 7298, R3, Glossary of Key
Information Security Terms
NISTIR 7298, R3, Glossary of Key
Information Security Terms
NIST SP 800-124, R2
Guidelines for Managing the Security of
Mobile Devices in the Enterprise
NIST SP 800-124, R2
Guidelines for Managing the Security of
Mobile Devices in the Enterprise
PPD 28, Signals Intelligence ActivitiesPPD 28, Signals Intelligence ActivitiesPPD 28, Signals Intelligence Activities
Develop the Workforce Develop the Workforce
PPD 21: Critical Infrastructure Security
and Resilience
PPD 21: Critical Infrastructure Security
and Resilience
PPD 21: Critical Infrastructure Security
and Resilience
EO 13800: Strengthening
Cybersecurity of Fed Nets and CI
EO 13800: Strengthening
Cybersecurity of Fed Nets and CI
EO 13800: Strengthening
Cybersecurity of Fed Nets and CI
CNSS Whitepaper 20140516
National Secret Fabric Architecture
Recommendations
CNSS Whitepaper 20140516
National Secret Fabric Architecture
Recommendations
NISTIR 7693
Specification for Asset Identification 1.1
NISTIR 7693
Specification for Asset Identification 1.1
NIST SP 800-171, R3
Protecting CUI in Nonfederal Systems
and Organizations (see also 171A)
NIST SP 800-171, R3
Protecting CUI in Nonfederal Systems
and Organizations (see also 171A)
DoDI 5200.01
DoD Information Security Program and
Protection of SCI
DoDI 5200.01
DoD Information Security Program and
Protection of SCI
DoDI 5200.01
DoD Information Security Program and
Protection of SCI
PPD 41: United States Cyber Incident
Coordination
PPD 41: United States Cyber Incident
Coordination
PPD 41: United States Cyber Incident
Coordination
DoDI 8310.01
Information Technology Standards
in the DoD
DoDI 8310.01
Information Technology Standards
in the DoD
DoDI 8310.01
Information Technology Standards
in the DoD
CJCSM 6510.02
IA Vulnerability Mgt Program
CJCSM 6510.02
IA Vulnerability Mgt Program
NIST SP 800-88, R1,Guidelines for
Media Sanitization
NIST SP 800-88, R1,Guidelines for
Media Sanitization
DoDI S-5240.23
Counterintelligence (CI) Activities in
Cyberspace
DoDI S-5240.23
Counterintelligence (CI) Activities in
Cyberspace
CNSSP-28
Cybersecurity of Unmanned National
Security Systems
CNSSP-28
Cybersecurity of Unmanned National
Security Systems
DoDI 8551.01
Ports, Protocols, and Services
Management (PPSM)
DoDI 8551.01
Ports, Protocols, and Services
Management (PPSM)
DoDI 8551.01
Ports, Protocols, and Services
Management (PPSM)
Joint Special Access Program (SAP)
Implementation Guide (JSIG)
Joint Special Access Program (SAP)
Implementation Guide (JSIG)
CNSSP-24
Policy on Assured Info Sharing (AIS)
for National Security Systems(NSS)
CNSSP-24
Policy on Assured Info Sharing (AIS)
for National Security Systems(NSS)
CNSSP-24
Policy on Assured Info Sharing (AIS)
for National Security Systems(NSS)
JFHQ-DODIN OrdersJFHQ-DODIN OrdersCYBERCOM OrdersCYBERCOM Orders
NIST SP 800-163, R1
Vetting the Security of
Mobile Applications
NIST SP 800-163, R1
Vetting the Security of
Mobile Applications
DoD Information Technology
Environment Strategic Plan
DoD Information Technology
Environment Strategic Plan
EO 13873: Securing the Information
and Communications Technology and
Services Supply Chain
EO 13873: Securing the Information
and Communications Technology and
Services Supply Chain
ICD 503
IT Systems Security Risk Management
and C&A
ICD 503
IT Systems Security Risk Management
and C&A
ICD 503
IT Systems Security Risk Management
and C&A
DoD 5220.22-M, Ch. 2
National Industrial Security Program
Operating Manual (NISPOM)
DoD 5220.22-M, Ch. 2
National Industrial Security Program
Operating Manual (NISPOM)
DoD 5220.22-M, Ch. 2
National Industrial Security Program
Operating Manual (NISPOM)
CNSSD-506
National Directive to Implement PKI on
Secret Networks
CNSSD-506
National Directive to Implement PKI on
Secret Networks
NIST SP 800-101, R1
Guidelines on Mobile Device Forensics
NIST SP 800-101, R1
Guidelines on Mobile Device Forensics
UFC 4-010-06,
Cybersecurity of Facility-Related
Control Systems
UFC 4-010-06,
Cybersecurity of Facility-Related
Control Systems
NIST SP 800-82, R3
Guide to Operational Technology (OT)
Security
NIST SP 800-82, R3
Guide to Operational Technology (OT)
Security
NIST SP 800-34, R1
Contingency Planning Guide for
Federal Information Systems
NIST SP 800-34, R1
Contingency Planning Guide for
Federal Information Systems
DoDI 8520.02
Public Key Infrastructure (PKI) and
Public Key (PK) Enabling
DoDI 8520.02
Public Key Infrastructure (PKI) and
Public Key (PK) Enabling
DoDI 8520.02
Public Key Infrastructure (PKI) and
Public Key (PK) Enabling
NIST SP 800-63 series
Digital Identity Guidelines
NIST SP 800-63 series
Digital Identity Guidelines
NIST SP 800-125A, R1, Security
Recommendations for Hypervisor
Platforms
NIST SP 800-125A, R1, Security
Recommendations for Hypervisor
Platforms
EO 13636: Improving Critical
Infrastructure Cybersecurity
EO 13636: Improving Critical
Infrastructure Cybersecurity
Cybersecurity-Related Policies and Issuances
Developed by the DoD Deputy CIO for Cybersecurity
Last Updated: September 16, 2024
Send questions/suggestions to contact@csiac.org
Cybersecurity-Related Policies and Issuances
Developed by the DoD Deputy CIO for Cybersecurity
Last Updated: September 16, 2024
Send questions/suggestions to contact@csiac.org
CNSSD-507
National Directive for ICAM
Capabilities...
CNSSD-507
National Directive for ICAM
Capabilities...
DoDI 8531.01, DoD Vulnerability
Management
DoDI 8531.01, DoD Vulnerability
Management
DoDI 8531.01, DoD Vulnerability
Management
NIST SP 800-181 R1
Workforce Framework for
Cybersecurity
NIST SP 800-181 R1
Workforce Framework for
Cybersecurity
DoDI 5205.83
DoD Insider Threat and Management
and Analysis Center
DoDI 5205.83
DoD Insider Threat and Management
and Analysis Center
DoDI 5205.83
DoD Insider Threat and Management
and Analysis Center
DoDM 5205.02
DoD Operations Security (OPSEC)
Program Manual
DoDM 5205.02
DoD Operations Security (OPSEC)
Program Manual
DoDI 5000.87
Operation of the Software Acquisition
Pathway
DoDI 5000.87
Operation of the Software Acquisition
Pathway
DoDI 5000.87
Operation of the Software Acquisition
Pathway
DoDD O-5100.19 (CAC req’d)
Critical Information Communications
(CRITCOM) System
DoDD O-5100.19 (CAC req’d)
Critical Information Communications
(CRITCOM) System
DoDD O-5100.19 (CAC req’d)
Critical Information Communications
(CRITCOM) System
DoDM 3305.09
Cryptologic Accreditation and
Certification
DoDM 3305.09
Cryptologic Accreditation and
Certification
NIST SP 1800-16
Securing Web Transactions: TLS
Server Certificate Management
NIST SP 1800-16
Securing Web Transactions: TLS
Server Certificate Management
NIST SP 800-207
Zero Trust Architecture
NIST SP 800-207
Zero Trust Architecture
NIST SP 800-210
General Access Control Guidance for
Cloud Systems
NIST SP 800-210
General Access Control Guidance for
Cloud Systems
NIST SP 800-209
Security Guidelines for Storage
Infrastructure
NIST SP 800-209
Security Guidelines for Storage
Infrastructure
NIST SP 800-209
Security Guidelines for Storage
Infrastructure
2023 DoD Data, Analytics, and
Artificial Intelligence Adoption
Strategy
2023 DoD Data, Analytics, and
Artificial Intelligence Adoption
Strategy
Cybersecurity Maturity Model
Certification (CMMC)
Cybersecurity Maturity Model
Certification (CMMC)
DoDI 5000.83
Technology & Program Protection to
Maintain Technological Advantage
DoDI 5000.83
Technology & Program Protection to
Maintain Technological Advantage
NIST SP 1800-26
Data Integrity: Detecting & Responding to
Ransomware
NIST SP 1800-26
Data Integrity: Detecting & Responding to
Ransomware
NIST SP 800-172
Enhanced Security Requirements for
Protecting CUI (see also 172A)
NIST SP 800-172
Enhanced Security Requirements for
Protecting CUI (see also 172A)
MOA Between DoD and DHS
(Jan. 19, 2017)
MOA Between DoD and DHS
(Jan. 19, 2017)
DoDI 5000.90, Cybersecurity for
Acquisition Decision Authorities and
Program Managers
DoDI 5000.90, Cybersecurity for
Acquisition Decision Authorities and
Program Managers
NIST SP 1800-25 Data Integrity:
Identifying and Protecting Assets
Against Ransomware
NIST SP 1800-25 Data Integrity:
Identifying and Protecting Assets
Against Ransomware
EO 14028: Improving the Nation’s
Cybersecurity
EO 14028: Improving the Nation’s
Cybersecurity
CNSSP-10
Nat’l Policy Gov. Use of Approved Sec.
Containers in Info Security Applications
CNSSP-10
Nat’l Policy Gov. Use of Approved Sec.
Containers in Info Security Applications
CNSSD-504 Protecting National
Security Systems from Insider Threat
CNSSD-504 Protecting National
Security Systems from Insider Threat
CNSSD-505
Supply Chain Risk Management
CNSSD-505
Supply Chain Risk Management
CNSSD-520
The Use of Mobile Devices to Process
Nat’l Sec. Info. Outside Secure Spaces
CNSSD-520
The Use of Mobile Devices to Process
Nat’l Sec. Info. Outside Secure Spaces
CNSSI-1011
Implementing Host-Based Security
Capabilities on NSS
CNSSI-1011
Implementing Host-Based Security
Capabilities on NSS
CNSSI-1013
Network Intrusion Detection Sys &
Intrusion Prevention Sys (IDS/IPS)
CNSSI-1013
Network Intrusion Detection Sys &
Intrusion Prevention Sys (IDS/IPS)
NIST SP 800-213
IoT Device Cybersecurity Guidance for
the Federal Government
NIST SP 800-213
IoT Device Cybersecurity Guidance for
the Federal Government
FIPS 201-3
Personal Identity Verification (PIV) of
Federal Employees and Contractors
FIPS 201-3
Personal Identity Verification (PIV) of
Federal Employees and Contractors
CNSSP-200
National Policy on Controlled Access
Protection
CNSSP-200
National Policy on Controlled Access
Protection
NSTISSD-600 Communications
Security Monitoring
NSTISSD-600 Communications
Security Monitoring
CNSSP-32 Cloud Security for National
Security Systems
CNSSP-32 Cloud Security for National
Security Systems
DoDD 5000.01
Defense Acquisition Framework
DoDD 5000.01
Defense Acquisition Framework
DoDD 5000.01
Defense Acquisition Framework
DoD Security Classification GuidesDoD Security Classification Guides
Component-level Policy
(Directives, Instructions, Publications,
Memoranda)
2023 National Intelligence
Strategy
2023 National Intelligence
Strategy
2023 National Intelligence
Strategy
National Cybersecurity Strategy
Implementation Plan
National Cybersecurity Strategy
Implementation Plan
DoDI 8530.03 Cyber Incident
Response
DoDI 8530.03 Cyber Incident
Response
DoDI 5000.82 Requirements for the
Acquisition of Digital Capabilities
DoDI 5000.82 Requirements for the
Acquisition of Digital Capabilities
DoDI 5000.82 Requirements for the
Acquisition of Digital Capabilities
NIST SP 800-218 Secure Software
Development Framework (SSDF)
NIST SP 800-218 Secure Software
Development Framework (SSDF)
DoDD 5101.23E DoD Executive
Agent for Advanced Cyber Training
Curricula
DoDD 5101.23E DoD Executive
Agent for Advanced Cyber Training
Curricula
NIST SP 1800-22
Mobile Device Security: Bring Your
Own Device (BYOD)
NIST SP 1800-22
Mobile Device Security: Bring Your
Own Device (BYOD)
NIST SP 800-221 Enterprise Impact of
Information and Communications
Technology Risk
NIST SP 800-221 Enterprise Impact of
Information and Communications
Technology Risk
United States Intelligence
Community Information Sharing
Strategy
United States Intelligence
Community Information Sharing
Strategy
United States Intelligence
Community Information Sharing
Strategy
DoDI 8140.02 Identification, Tracking,
And Reporting of Cyberspace
Workforce Requirements
DoDI 8140.02 Identification, Tracking,
And Reporting of Cyberspace
Workforce Requirements
DoDI 5200.44
Protection of Mission Critical Functions
to Achieve Trusted Systems / Networks
DoDI 5200.44
Protection of Mission Critical Functions
to Achieve Trusted Systems / Networks
DoDI 5200.44
Protection of Mission Critical Functions
to Achieve Trusted Systems / Networks
EO 14117: Preventing Access to
Americans' Sensitive / US Government
Data by Countries of Concern
EO 14117: Preventing Access to
Americans' Sensitive / US Government
Data by Countries of Concern
DTM-24-001 DoD Cybersecurity
Activities Performed for Cloud Service
Offerings
DTM-24-001 DoD Cybersecurity
Activities Performed for Cloud Service
Offerings
DoDD 5101.21E
Unified Platform and Joint
Cyber Command and Control (JCC2)
DoDD 5101.21E
Unified Platform and Joint
Cyber Command and Control (JCC2)
DoDI 8520.04
Access Management for DoD
Information Systems
DoDI 8520.04
Access Management for DoD
Information Systems
DoDI 8520.04
Access Management for DoD
Information Systems
