DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC
CS-SEC-SC-070
SAIS-CS (25-1rrrr)
14 April 2025
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Cybersecurity Service Providers Alignment Guidance
1. References.
a. AR 25-2 (Army Cybersecurity).
b. DoD M
anual 8530.01 (Cybersecurity Activities Support Procedures).
c. DoD Instruction 8530.01 (Cybersecurity Activities Support to DoD Information
Network Operations).
d. Off
ice of Management and Budget Memorandum M-21-31 (Improving the Federal
Government’s Investigative and Remediation Capabilities Related to Cybersecurity
Incidents), 27 August 2022.
e. DoD Instruction 8500.01 (Cybersecurity).
2. Purpose. This policy establishes the strategic guidance and requirements for system
owners (SOs) to use certified and authorized Cybersecurity Service Providers (CSSP)
across the Army’s Unified Network. Its intent is to maintain a secure and compliant
cybersecurity posture in alignment with Department of Defense (DoD) and Department
of the Army (DA) directives, regulations, and instructions.
3. Applicability.
a. Per AR 2
5-2, para 2-7, the Army Chief Information Officer (CIO), on behalf of the
Secretary of the Army, establishes policy, resourcing, and oversight of the Army
Cybersecurity Program. This policy memorandum meets provisions outlined in AR 25-
2, para 1-8, where the Army CIO, when needed, will issue policy memoranda to amplify
guidance for the policies in AR 25-2.
b. This policy memorandum applies to Principal Officials, Headquarters, Department
of the Army (HQDA) elements; Army Commands (ACOM); Army Service Component
Commands (ASCC); Direct Reporting Units (DRU); Senior Leaders of Agencies and
Activities; Program Executive Offices (PEO); and the Reserve Component of the Army
National Guard (ARNG).
